diff options
| author | Sébastien Helleu <flashcode@flashtux.org> | 2019-03-09 17:51:40 +0100 |
|---|---|---|
| committer | Sébastien Helleu <flashcode@flashtux.org> | 2019-03-09 17:54:06 +0100 |
| commit | dd44c1db16d0ec9359f6403337bbff59f98a389b (patch) | |
| tree | 7d66cd5858cfedab82f69d5fbc2adee8fdd683cf /src/plugins/relay | |
| parent | 2f5aa3b5097db7a0c475ab73e487a2af30a59b99 (diff) | |
| download | weechat-dd44c1db16d0ec9359f6403337bbff59f98a389b.zip | |
relay: add extra forbidden commands in weechat protocol (issue #928)
Commands were already forbidden (option relay.weechat.commands):
- /exec
- /upgrade
- /quit
These extra commands are now forbidden by default:
- /fset
- /set
- /unset
- /plugin
- /script
- /python
- /perl
- /ruby
- /lua
- /tcl
- /guile
- /javascript
- /php
- /secure
Diffstat (limited to 'src/plugins/relay')
| -rw-r--r-- | src/plugins/relay/relay-config.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/plugins/relay/relay-config.c b/src/plugins/relay/relay-config.c index dccb025c5..05d145cc5 100644 --- a/src/plugins/relay/relay-config.c +++ b/src/plugins/relay/relay-config.c @@ -1029,11 +1029,13 @@ relay_config_init () "data (text or command) is received from a client; " "\"*\" means any command, a name beginning with \"!\" is " "a negative value to prevent a command from being executed, " - "wildcard \"*\" is allowed in names; by default all commands " - "are allowed except /exec, /upgrade and /quit (which could lead " - "to denial of service or remote code execution if the client is " - "not trusted)"), - NULL, 0, 0, "*,!exec,!upgrade,!quit", NULL, 0, + "wildcard \"*\" is allowed in names; by default some commands " + "are not allowed (they could lead to denial of service or remote " + "code execution if the client is not trusted)"), + NULL, 0, 0, + "*,!exec,!fset,!set,!unset,!plugin,!script,!python,!perl,!ruby,!lua," + "!tcl,!guile,!javascript,!php,!secure,!upgrade,!quit", + NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); |