From 5ee15c38bb2652409aa2489113d6273ce74119dd Mon Sep 17 00:00:00 2001
From: James Lu <james@overdrivenetworks.com>
Date: Fri, 29 Sep 2017 16:31:56 -0700
Subject: [PATCH] ChannelIdDatabasePlugin: limit --regexp to trusted users

Overcomplicated regexps can freeze the bot, an issue which is amplified as a database (e.g. for quotes) grows. Closes #855.
---
 plugins/__init__.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/plugins/__init__.py b/plugins/__init__.py
index 8225bd4be..ac81862fa 100644
--- a/plugins/__init__.py
+++ b/plugins/__init__.py
@@ -406,6 +406,12 @@ class ChannelIdDatabasePlugin(callbacks.Plugin):
             if opt == 'by':
                 predicates.append(lambda r, arg=arg: r.by == arg.id)
             elif opt == 'regexp':
+                if not ircdb.checkCapability(msg.prefix, 'trusted'):
+                    # Limited --regexp to trusted users, because specially
+                    # crafted regexps can freeze the bot. See
+                    # https://github.com/ProgVal/Limnoria/issues/855 for details
+                    irc.errorNoCapability('trusted')
+
                 predicates.append(lambda r: regexp_wrapper(r.text, reobj=arg,
                         timeout=0.1, plugin_name=self.name(), fcn_name='search'))
         if glob: