diff options
| -rw-r--r-- | doc/de/autogen/user/relay_options.adoc | 4 | ||||
| -rw-r--r-- | doc/en/autogen/user/relay_options.adoc | 4 | ||||
| -rw-r--r-- | doc/fr/autogen/user/relay_options.adoc | 4 | ||||
| -rw-r--r-- | doc/it/autogen/user/relay_options.adoc | 4 | ||||
| -rw-r--r-- | doc/ja/autogen/user/relay_options.adoc | 4 | ||||
| -rw-r--r-- | doc/pl/autogen/user/relay_options.adoc | 4 | ||||
| -rw-r--r-- | po/cs.po | 8 | ||||
| -rw-r--r-- | po/de.po | 9 | ||||
| -rw-r--r-- | po/es.po | 8 | ||||
| -rw-r--r-- | po/fr.po | 17 | ||||
| -rw-r--r-- | po/hu.po | 8 | ||||
| -rw-r--r-- | po/it.po | 8 | ||||
| -rw-r--r-- | po/ja.po | 8 | ||||
| -rw-r--r-- | po/pl.po | 8 | ||||
| -rw-r--r-- | po/pt.po | 8 | ||||
| -rw-r--r-- | po/pt_BR.po | 8 | ||||
| -rw-r--r-- | po/ru.po | 8 | ||||
| -rw-r--r-- | po/tr.po | 8 | ||||
| -rw-r--r-- | po/weechat.pot | 8 | ||||
| -rw-r--r-- | src/plugins/relay/relay-config.c | 32 | ||||
| -rw-r--r-- | src/plugins/relay/weechat/relay-weechat-protocol.c | 33 |
21 files changed, 97 insertions, 106 deletions
diff --git a/doc/de/autogen/user/relay_options.adoc b/doc/de/autogen/user/relay_options.adoc index 10c18ab64..4e78d6fcd 100644 --- a/doc/de/autogen/user/relay_options.adoc +++ b/doc/de/autogen/user/relay_options.adoc @@ -183,7 +183,7 @@ ** Standardwert: `+""+` * [[option_relay.weechat.commands]] *relay.weechat.commands* -** Beschreibung: pass:none[durch Kommata getrennte Liste von Befehlen die erlaubt/verboten sind wenn Daten (Text oder Befehl) vom Client empfangen werden; "*" bedeutet alle Befehle sind erlaubt, beginnt ein Befehl hingegen mit "!" wird die Auswahl umgekehrt und der Befehl wird nicht ausgeführt, der Platzhalter "*" ist erlaubt; standardmäßig sind einige Befehle nicht erlaubt (die zu einem denial of service oder einer remote code execution führen können, wenn der Client nicht vertrauenswürdig ist)] +** Beschreibung: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; this option should be set if the relay client is not safe (someone could use it to run commands); for example "*,!exec,!quit" allows any command except /exec and /quit] ** Typ: Zeichenkette ** Werte: beliebige Zeichenkette -** Standardwert: `+"*,!exec,!fset,!guile,!javascript,!lua,!perl,!php,!plugin,!python,!quit,!repeat,!ruby,!script,!secure,!set,!tcl,!unset,!upgrade,!wait"+` +** Standardwert: `+""+` diff --git a/doc/en/autogen/user/relay_options.adoc b/doc/en/autogen/user/relay_options.adoc index a977e270c..f3ae28135 100644 --- a/doc/en/autogen/user/relay_options.adoc +++ b/doc/en/autogen/user/relay_options.adoc @@ -183,7 +183,7 @@ ** default value: `+""+` * [[option_relay.weechat.commands]] *relay.weechat.commands* -** description: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default some commands are not allowed (they could lead to denial of service or remote code execution if the client is not trusted)] +** description: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; this option should be set if the relay client is not safe (someone could use it to run commands); for example "*,!exec,!quit" allows any command except /exec and /quit] ** type: string ** values: any string -** default value: `+"*,!exec,!fset,!guile,!javascript,!lua,!perl,!php,!plugin,!python,!quit,!repeat,!ruby,!script,!secure,!set,!tcl,!unset,!upgrade,!wait"+` +** default value: `+""+` diff --git a/doc/fr/autogen/user/relay_options.adoc b/doc/fr/autogen/user/relay_options.adoc index 913a82d35..5adc8ec43 100644 --- a/doc/fr/autogen/user/relay_options.adoc +++ b/doc/fr/autogen/user/relay_options.adoc @@ -183,7 +183,7 @@ ** valeur par défaut: `+""+` * [[option_relay.weechat.commands]] *relay.weechat.commands* -** description: pass:none[liste des commandes autorisées/interdites lorsque qu'une entrée de données (texte ou commande) est reçue du client (séparées par des virgules) ; "*" signifie toutes les commandes, un nom commençant par "!" est une valeur négative pour empêcher une commande d'être exécutée, le caractère joker "*" est autorisé dans les noms ; par défaut certaines commandes ne sont pas autorisées (elles pourraient conduire à un déni de service ou l'exécution de commandes à distance si le client n'est pas sûr)] +** description: pass:none[liste des commandes autorisées/interdites lorsque qu'une entrée de données (texte ou commande) est reçue du client (séparées par des virgules) ; "*" signifie toutes les commandes, un nom commençant par "!" est une valeur négative pour empêcher une commande d'être exécutée, le caractère joker "*" est autorisé dans les noms ; cette option devrait être définie si le client relay n'est pas sûr (quelqu'un pourrait l'utiliser pour exécuter des commandes) ; par exemple "*,!exec,!quit" autorise toute commande sauf /exec et /quit] ** type: chaîne ** valeurs: toute chaîne -** valeur par défaut: `+"*,!exec,!fset,!guile,!javascript,!lua,!perl,!php,!plugin,!python,!quit,!repeat,!ruby,!script,!secure,!set,!tcl,!unset,!upgrade,!wait"+` +** valeur par défaut: `+""+` diff --git a/doc/it/autogen/user/relay_options.adoc b/doc/it/autogen/user/relay_options.adoc index 63d54ed32..03e9c6faf 100644 --- a/doc/it/autogen/user/relay_options.adoc +++ b/doc/it/autogen/user/relay_options.adoc @@ -183,7 +183,7 @@ ** valore predefinito: `+""+` * [[option_relay.weechat.commands]] *relay.weechat.commands* -** descrizione: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default some commands are not allowed (they could lead to denial of service or remote code execution if the client is not trusted)] +** descrizione: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; this option should be set if the relay client is not safe (someone could use it to run commands); for example "*,!exec,!quit" allows any command except /exec and /quit] ** tipo: stringa ** valori: qualsiasi stringa -** valore predefinito: `+"*,!exec,!fset,!guile,!javascript,!lua,!perl,!php,!plugin,!python,!quit,!repeat,!ruby,!script,!secure,!set,!tcl,!unset,!upgrade,!wait"+` +** valore predefinito: `+""+` diff --git a/doc/ja/autogen/user/relay_options.adoc b/doc/ja/autogen/user/relay_options.adoc index ef217699a..6d7c18e20 100644 --- a/doc/ja/autogen/user/relay_options.adoc +++ b/doc/ja/autogen/user/relay_options.adoc @@ -183,7 +183,7 @@ ** デフォルト値: `+""+` * [[option_relay.weechat.commands]] *relay.weechat.commands* -** 説明: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default some commands are not allowed (they could lead to denial of service or remote code execution if the client is not trusted)] +** 説明: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; this option should be set if the relay client is not safe (someone could use it to run commands); for example "*,!exec,!quit" allows any command except /exec and /quit] ** タイプ: 文字列 ** 値: 未制約文字列 -** デフォルト値: `+"*,!exec,!fset,!guile,!javascript,!lua,!perl,!php,!plugin,!python,!quit,!repeat,!ruby,!script,!secure,!set,!tcl,!unset,!upgrade,!wait"+` +** デフォルト値: `+""+` diff --git a/doc/pl/autogen/user/relay_options.adoc b/doc/pl/autogen/user/relay_options.adoc index cd08c10b4..5efedcec9 100644 --- a/doc/pl/autogen/user/relay_options.adoc +++ b/doc/pl/autogen/user/relay_options.adoc @@ -183,7 +183,7 @@ ** domyślna wartość: `+""+` * [[option_relay.weechat.commands]] *relay.weechat.commands* -** opis: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default some commands are not allowed (they could lead to denial of service or remote code execution if the client is not trusted)] +** opis: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; this option should be set if the relay client is not safe (someone could use it to run commands); for example "*,!exec,!quit" allows any command except /exec and /quit] ** typ: ciąg ** wartości: dowolny ciąg -** domyślna wartość: `+"*,!exec,!fset,!guile,!javascript,!lua,!perl,!php,!plugin,!python,!quit,!repeat,!ruby,!script,!secure,!set,!tcl,!unset,!upgrade,!wait"+` +** domyślna wartość: `+""+` @@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" "PO-Revision-Date: 2019-02-28 20:53+0100\n" "Last-Translator: Ondřej Súkup <mimi.vx@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -10868,9 +10868,9 @@ msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" #, fuzzy @@ -24,7 +24,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" "PO-Revision-Date: 2019-03-09 19:33+0100\n" "Last-Translator: Nils Görs <weechatter@arcor.de>\n" "Language-Team: German <kde-i18n-de@kde.org>\n" @@ -12768,13 +12768,14 @@ msgstr "" "gesendet wird); keine Zeichenkette = deaktiviert die Zeitanzeige im " "Verlaufsspeicher" +#, fuzzy msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" "durch Kommata getrennte Liste von Befehlen die erlaubt/verboten sind wenn " "Daten (Text oder Befehl) vom Client empfangen werden; \"*\" bedeutet alle " @@ -22,7 +22,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" "PO-Revision-Date: 2019-02-28 20:53+0100\n" "Last-Translator: Elián Hanisch <lambdae2@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -11221,9 +11221,9 @@ msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" #, fuzzy @@ -21,8 +21,8 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" -"PO-Revision-Date: 2019-03-09 17:51+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" +"PO-Revision-Date: 2019-03-11 20:48+0100\n" "Last-Translator: Sébastien Helleu <flashcode@flashtux.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" "Language: fr\n" @@ -12495,17 +12495,18 @@ msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" "liste des commandes autorisées/interdites lorsque qu'une entrée de données " "(texte ou commande) est reçue du client (séparées par des virgules) ; \"*\" " "signifie toutes les commandes, un nom commençant par \"!\" est une valeur " "négative pour empêcher une commande d'être exécutée, le caractère joker \"*" -"\" est autorisé dans les noms ; par défaut certaines commandes ne sont pas " -"autorisées (elles pourraient conduire à un déni de service ou l'exécution de " -"commandes à distance si le client n'est pas sûr)" +"\" est autorisé dans les noms ; cette option devrait être définie si le " +"client relay n'est pas sûr (quelqu'un pourrait l'utiliser pour exécuter des " +"commandes) ; par exemple \"*,!exec,!quit\" autorise toute commande sauf /" +"exec et /quit" msgid "number of clients for relay" msgstr "nombre de clients pour le relai" @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" "PO-Revision-Date: 2019-02-28 20:18+0100\n" "Last-Translator: Andras Voroskoi <voroskoi@frugalware.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -10227,9 +10227,9 @@ msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" #, fuzzy @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" "PO-Revision-Date: 2019-02-28 20:53+0100\n" "Last-Translator: Esteban I. Ruiz Moreno <exio4.com@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -11423,9 +11423,9 @@ msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" #, fuzzy @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" "PO-Revision-Date: 2019-02-28 20:53+0100\n" "Last-Translator: AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>\n" "Language-Team: Japanese <https://github.com/l/weechat/tree/master/" @@ -12043,9 +12043,9 @@ msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" msgid "number of clients for relay" @@ -22,7 +22,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" "PO-Revision-Date: 2019-02-28 20:53+0100\n" "Last-Translator: Krzysztof Korościk <soltys@soltys.info>\n" "Language-Team: Polish <kde-i18n-doc@kde.org>\n" @@ -12227,9 +12227,9 @@ msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" msgid "number of clients for relay" @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" "PO-Revision-Date: 2019-02-28 20:53+0100\n" "Last-Translator: Vasco Almeida <vascomalmeida@sapo.pt>\n" "Language-Team: Portuguese <>\n" @@ -11883,9 +11883,9 @@ msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" msgid "number of clients for relay" diff --git a/po/pt_BR.po b/po/pt_BR.po index df891778e..70335cfaa 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" "PO-Revision-Date: 2019-02-28 20:53+0100\n" "Last-Translator: Eduardo Elias <camponez@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -10676,9 +10676,9 @@ msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" #, fuzzy @@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" "PO-Revision-Date: 2019-02-28 20:19+0100\n" "Last-Translator: Aleksey V Zapparov AKA ixti <ixti@member.fsf.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -10260,9 +10260,9 @@ msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" #, fuzzy @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" "PO-Revision-Date: 2019-01-29 21:05+0100\n" "Last-Translator: Hasan Kiran <sunder67@hotmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -9322,9 +9322,9 @@ msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" msgid "number of clients for relay" diff --git a/po/weechat.pot b/po/weechat.pot index 8f26318b6..5c71bd87d 100644 --- a/po/weechat.pot +++ b/po/weechat.pot @@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2019-03-09 17:49+0100\n" +"POT-Creation-Date: 2019-03-11 20:47+0100\n" "PO-Revision-Date: 2014-08-16 10:27+0200\n" "Last-Translator: Sébastien Helleu <flashcode@flashtux.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -9189,9 +9189,9 @@ msgid "" "comma-separated list of commands allowed/denied when input data (text or " "command) is received from a client; \"*\" means any command, a name " "beginning with \"!\" is a negative value to prevent a command from being " -"executed, wildcard \"*\" is allowed in names; by default some commands are " -"not allowed (they could lead to denial of service or remote code execution " -"if the client is not trusted)" +"executed, wildcard \"*\" is allowed in names; this option should be set if " +"the relay client is not safe (someone could use it to run commands); for " +"example \"*,!exec,!quit\" allows any command except /exec and /quit" msgstr "" msgid "number of clients for relay" diff --git a/src/plugins/relay/relay-config.c b/src/plugins/relay/relay-config.c index 66e7de8cd..065b342b9 100644 --- a/src/plugins/relay/relay-config.c +++ b/src/plugins/relay/relay-config.c @@ -1039,33 +1039,11 @@ relay_config_init () "data (text or command) is received from a client; " "\"*\" means any command, a name beginning with \"!\" is " "a negative value to prevent a command from being executed, " - "wildcard \"*\" is allowed in names; by default some commands " - "are not allowed (they could lead to denial of service or remote " - "code execution if the client is not trusted)"), - NULL, 0, 0, - "*," - "!exec," - "!fset," - "!guile," - "!javascript," - "!key," - "!lua," - "!perl," - "!php," - "!plugin," - "!python," - "!quit," - "!repeat," - "!ruby," - "!script," - "!secure," - "!set," - "!tcl," - "!trigger," - "!unset," - "!upgrade," - "!wait", - NULL, 0, + "wildcard \"*\" is allowed in names; this option should be set if " + "the relay client is not safe (someone could use it to run " + "commands); for example \"*,!exec,!quit\" allows any command " + "except /exec and /quit"), + NULL, 0, 0, "", NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); diff --git a/src/plugins/relay/weechat/relay-weechat-protocol.c b/src/plugins/relay/weechat/relay-weechat-protocol.c index ed1a34d9e..184024927 100644 --- a/src/plugins/relay/weechat/relay-weechat-protocol.c +++ b/src/plugins/relay/weechat/relay-weechat-protocol.c @@ -402,6 +402,7 @@ relay_weechat_protocol_input_timer_cb (const void *pointer, int remaining_calls) { char **timer_args; + const char *ptr_weechat_commands; int i; struct t_gui_buffer *ptr_buffer; struct t_hashtable *options; @@ -420,18 +421,28 @@ relay_weechat_protocol_input_timer_cb (const void *pointer, ptr_buffer = weechat_buffer_search ("==", timer_args[0]); if (ptr_buffer) { - options = weechat_hashtable_new (8, - WEECHAT_HASHTABLE_STRING, - WEECHAT_HASHTABLE_STRING, - NULL, NULL); - if (options) + ptr_weechat_commands = weechat_config_string ( + relay_config_weechat_commands); + if (ptr_weechat_commands && ptr_weechat_commands[0]) { - weechat_hashtable_set ( - options, - "commands", - weechat_config_string (relay_config_weechat_commands)); - weechat_command_options (ptr_buffer, timer_args[1], options); - weechat_hashtable_free (options); + options = weechat_hashtable_new (8, + WEECHAT_HASHTABLE_STRING, + WEECHAT_HASHTABLE_STRING, + NULL, NULL); + if (options) + { + weechat_hashtable_set ( + options, + "commands", + weechat_config_string (relay_config_weechat_commands)); + weechat_command_options (ptr_buffer, timer_args[1], + options); + weechat_hashtable_free (options); + } + } + else + { + weechat_command (ptr_buffer, timer_args[1]); } } } |