3
0
mirror of https://github.com/jlu5/PyLink.git synced 2024-12-26 12:43:09 +01:00

[SECURITY] permissions: only whitelist the defined login:user for legacy accounts

It's possible for login:user and login:accounts to be used together, although this is discouraged.

(cherry picked from commit 4eb0420378)
This commit is contained in:
James Lu 2019-06-26 13:17:00 -07:00
parent e02ab9f2ff
commit e0a618f317

View File

@ -32,7 +32,8 @@ def check_permissions(irc, uid, perms, also_show=[]):
"""
# For old (< 1.1 login blocks):
# If the user is logged in, they automatically have all permissions.
if irc.match_host('$pylinkacc', uid) and conf.conf['login'].get('user'):
olduser = conf.conf['login'].get('user')
if olduser and irc.match_host('$pylinkacc:%s' % olduser, uid):
log.debug('permissions: overriding permissions check for old-style admin user %s',
irc.get_hostmask(uid))
return True