From d7ba4785197f01f553beffff6e47a0ddeefe0b96 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Date: Mon, 1 Mar 2021 11:47:29 -0500
Subject: [PATCH] validate that passphrases are valid as non-final IRC
 parameters

---
 irc/accounts.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/irc/accounts.go b/irc/accounts.go
index f1d0131f..413e1780 100644
--- a/irc/accounts.go
+++ b/irc/accounts.go
@@ -479,7 +479,11 @@ func validatePassphrase(passphrase string) error {
 	if passphrase == "*" {
 		return errAccountBadPassphrase
 	}
-	// for now, just enforce that spaces are not allowed
+	// validate that the passphrase contains no spaces, and furthermore is valid as a
+	// non-final IRC parameter. we already checked that it is nonempty:
+	if passphrase[0] == ':' {
+		return errAccountBadPassphrase
+	}
 	for _, r := range passphrase {
 		if unicode.IsSpace(r) {
 			return errAccountBadPassphrase