mirror of
https://github.com/jlu5/PyLink.git
synced 2024-11-28 05:29:25 +01:00
[SECURITY] permissions: only whitelist the defined login:user for legacy accounts
It's possible for login:user and login:accounts to be used together, although this is discouraged.
(cherry picked from commit 4eb0420378
)
This commit is contained in:
parent
e02ab9f2ff
commit
e0a618f317
@ -32,7 +32,8 @@ def check_permissions(irc, uid, perms, also_show=[]):
|
|||||||
"""
|
"""
|
||||||
# For old (< 1.1 login blocks):
|
# For old (< 1.1 login blocks):
|
||||||
# If the user is logged in, they automatically have all permissions.
|
# If the user is logged in, they automatically have all permissions.
|
||||||
if irc.match_host('$pylinkacc', uid) and conf.conf['login'].get('user'):
|
olduser = conf.conf['login'].get('user')
|
||||||
|
if olduser and irc.match_host('$pylinkacc:%s' % olduser, uid):
|
||||||
log.debug('permissions: overriding permissions check for old-style admin user %s',
|
log.debug('permissions: overriding permissions check for old-style admin user %s',
|
||||||
irc.get_hostmask(uid))
|
irc.get_hostmask(uid))
|
||||||
return True
|
return True
|
||||||
|
Loading…
Reference in New Issue
Block a user