mirror of
https://github.com/jlu5/PyLink.git
synced 2024-12-26 12:43:09 +01:00
[SECURITY] permissions: only whitelist the defined login:user for legacy accounts
It's possible for login:user and login:accounts to be used together, although this is discouraged.
(cherry picked from commit 4eb0420378
)
This commit is contained in:
parent
e02ab9f2ff
commit
e0a618f317
@ -32,7 +32,8 @@ def check_permissions(irc, uid, perms, also_show=[]):
|
||||
"""
|
||||
# For old (< 1.1 login blocks):
|
||||
# If the user is logged in, they automatically have all permissions.
|
||||
if irc.match_host('$pylinkacc', uid) and conf.conf['login'].get('user'):
|
||||
olduser = conf.conf['login'].get('user')
|
||||
if olduser and irc.match_host('$pylinkacc:%s' % olduser, uid):
|
||||
log.debug('permissions: overriding permissions check for old-style admin user %s',
|
||||
irc.get_hostmask(uid))
|
||||
return True
|
||||
|
Loading…
Reference in New Issue
Block a user