mirror of https://github.com/jlu5/PyLink.git synced 2024-11-24 19:49:24 +01:00

[SECURITY] permissions: only whitelist the defined login:user for legacy accounts

It's possible for login:user and login:accounts to be used together, although this is discouraged.

(cherry picked from commit 4eb0420378)
James Lu 2019-06-26 13:17:00 -07:00
parent e02ab9f2ff
commit e0a618f317


@ -32,7 +32,8 @@ def check_permissions(irc, uid, perms, also_show=[]):
""" """
# For old (< 1.1 login blocks): # For old (< 1.1 login blocks):
# If the user is logged in, they automatically have all permissions. # If the user is logged in, they automatically have all permissions.
if irc.match_host('$pylinkacc', uid) and conf.conf['login'].get('user'): olduser = conf.conf['login'].get('user')
if olduser and irc.match_host('$pylinkacc:%s' % olduser, uid):
log.debug('permissions: overriding permissions check for old-style admin user %s', log.debug('permissions: overriding permissions check for old-style admin user %s',
irc.get_hostmask(uid)) irc.get_hostmask(uid))
return True return True
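Review bot: On the new `if olduser and irc.match_host('$pylinkacc:%s' % olduser, uid):` line, the configured name is formatted unescaped into an exttarget string, so the override is only as tight as the way `$pylinkacc:` parses its argument, and that handler is not visible in this hunk. If it treats the argument as a glob or splits on `:`, a `login:user` value containing `*`, `?` or `:` could match more accounts than the one intended, or none. It is worth confirming the handler does an exact account comparison, and adding a regression test in which an account from `login:accounts` is logged in while `login:user` is set and must not reach `return True`. The comment above the branch still says any logged-in user gets all permissions, so I would update it to something like `# Only the account named in the legacy login:user option bypasses permission checks; login:accounts users are checked normally.` Since this branch grants every permission, consider logging it above debug level so the bypass shows up in normal logs. The body of check_permissions continues outside the hunk.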