|
Please don't impose restrictions in the nickname valid charset. It depends on the server-side implementation which characters will be accepted in a nickname, and there's way to detect that beforehand.See for example UnrealIRCd that accepts several charsets (iso8859-1, etc).
Patch follows (use edit mode to retrieve..):
diff -ur cgiirc-0.5.4.old/interfaces/default.pm cgiirc-0.5.4/interfaces/default.pm --- cgiirc-0.5.4.old/interfaces/default.pm 2003-10-31 19:51:24.000000000 +0100 +++ cgiirc-0.5.4/interfaces/default.pm 2006-04-30 11:36:32.000000000 +0200 @@ -94,23 +94,12 @@ document.loginform["interface"].value = 'opera'; } } -function nickvalid() { - var nick = document.loginform.Nickname.value; - if(nick.match(/^[A-Za-z0-9\\[\\]\\{\\}^\\\\\\|\\_\\-\`]{1,32}\$/)) - return true; - alert('Please enter a valid nickname'); - document.loginform.Nickname.value = nick.replace(/[^A-Za-z0-9\\[\\]\\{\\}^\\\\\\|\\_\\-\`]/g, ''); - return false; -} EOF }else{ # dummy functions print <<EOF; function setjs() { return true; } -function nickvalid() { - return true; -} EOF } print <<EOF; @@ -124,7 +113,7 @@ print "<font size=\"+1\" color=\"red\">Your browser does not correctly support CGI:IRC, it might not work or other problems may occur. Please consider upgrading.</font>\n"; } print <<EOF; -<form method="post" action="$this" name="loginform" onsubmit="setjs();return nickvalid()"> +<form method="post" action="$this" name="loginform" onsubmit="setjs();return true"> EOF print "<input type=\"hidden\" name=\"interface\" value=\"" . ($interface eq 'default' ? 'nonjs' : $interface) . "\">\n"; diff -ur cgiirc-0.5.4.old/modules/IRC/Util.pm cgiirc-0.5.4/modules/IRC/Util.pm --- cgiirc-0.5.4.old/modules/IRC/Util.pm 2003-10-27 18:18:52.000000000 +0100 +++ cgiirc-0.5.4/modules/IRC/Util.pm 2006-04-30 11:36:05.000000000 +0200 @@ -14,9 +14,6 @@ }
sub is_vaild_nickname { - return 0 if length $_[0] > 32 or length $_[0] < 1; - return 0 if $_[0] =~ /[^A-Za-z0-9-_\[\]\\\`\^\{\}\|]/; - return 0 if $_[0] =~ /^[^A-Za-z_\\\[\]\`\^\{\}\|]/; return 1; }
diff -ur cgiirc-0.5.4.old/nph-irc.cgi cgiirc-0.5.4/nph-irc.cgi --- cgiirc-0.5.4.old/nph-irc.cgi 2004-01-29 12:24:48.000000000 +0100 +++ cgiirc-0.5.4/nph-irc.cgi 2006-04-30 11:36:05.000000000 +0200 @@ -1067,8 +1067,6 @@ ($cgi->{port}) = $cgi->{port} =~ /(\d+)/;
$cgi->{nick} =~ s/\?/int rand 10/eg; - # Only valid nickname characters - $cgi->{nick} =~ s/[^A-Za-z0-9\[\]\{\}^\\\|\_\-\`]//g;$interface = load_interface();
|
2006-Apr-30 09:43:33 by anonymous:
I forgot to paste URL to UnrealIRCd reference:¤http://www.vulnscan.org/UnrealIRCd/unreal32docs.html#feature_nickchars
2006-Apr-30 12:24:42 by dgl:
Thanks.That patch as-is badly breaks CGI:IRC because is_valid_nickname will return true for a channel too.
I'll do it slightly differently.
|
Type: code Version: 0.5.4 Status: new Created: 2006-Apr-30 09:43 Severity: 5 Last Change: 2006-Apr-30 09:43 Priority: 3 Subsystem: irc Assigned To: dgl Derived From: Creator: anonymous Operating system: all
| 2006-Apr-30 12:51 | • | Check-in [265] : Fixes for tickets: #27 , #60 , #68 , #69 , #70 , #71 , #92 , #131 , #144 (By dgl) |