authorpiaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2005-07-03 15:10:38 +0800
committerpiaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2005-07-03 15:10:38 +0800
commita2a653b72c1f5c6920f03d13a52b0a2ea3631cb8 (patch)
tree2c99185aec035b80ae4d5496e4f125b4e9e78492
parent76c447fca47270d730fe8258ad52e4696d097d55 (diff)
Security Update
(1) **s (Ptt_prints): Only information that can be queried by others will be revealed, i.e., **b (birthday) and **u (utmp number) will be removed, and **m (money) will show level messages instead of the real number. (2) Reply will show as **X instead of the converted message. (3) Ansi (^V) mode in the editor will display as **X. git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@2878 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
-rw-r--r--include/proto.h1
-rw-r--r--mbbsd/cal.c18
-rw-r--r--mbbsd/edit.c118
-rw-r--r--mbbsd/kaede.c7
-rw-r--r--mbbsd/talk.c11
5 files changed, 135 insertions, 20 deletions
diff --git a/include/proto.h b/include/proto.h
index e0cca3e2..8a922f2c 100644
--- a/include/proto.h
+++ b/include/proto.h
@@ -167,6 +167,7 @@ void add_posttimes(int uid, int times);
/* cal */
int give_tax(int money);
+const char* money_level(int money);
int vice(int money, const char* item);
#define reload_money() cuser.money=moneyof(usernum)
int deumoney(int uid, int money);
diff --git a/mbbsd/cal.c b/mbbsd/cal.c
index 8658e850..bf4572b6 100644
--- a/mbbsd/cal.c
+++ b/mbbsd/cal.c
@@ -58,6 +58,24 @@ unlockutmpmode(void)
/* 使用錢的函數 */
#define VICE_NEW "vice.new"
+const char*
+money_level(int money)
+{
+ int i = 0;
+
+ static const char *money_msg[] =
+ {
+ "債台高築", "赤貧", "清寒", "普通", "小康",
+ "小富", "中富", "大富翁", "富可敵國", "比爾蓋\天", NULL
+ };
+ while (money_msg[i] && money > 10)
+ i++, money /= 10;
+
+ if(!money_msg[i])
+ i--;
+ return money_msg[i];
+}
+
/* Heat:發票 */
int
vice(int money, const char *item)
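Review bot: `money_level` has no comment saying what it returns or why it exists, although this commit relies on it to keep the exact balance out of `Ptt_prints` output. A header such as `/* Map a balance to a coarse label, one step per factor of ten, so callers can show wealth without the exact amount. */` would record that. The loop body `i++, money /= 10;` reads more clearly as a braced two-statement block, and the table could be declared `static const char * const money_msg[]` since the function only reads it.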
diff --git a/mbbsd/edit.c b/mbbsd/edit.c
index 432b8903..65934228 100644
--- a/mbbsd/edit.c
+++ b/mbbsd/edit.c
@@ -1188,6 +1188,38 @@ garbage_line(const char *str)
}
static void
+quote_strip_ansi_inline(unsigned char *is)
+{
+ unsigned char *os = is;
+
+ while (*is)
+ {
+ if(*is != ESC_CHR)
+ *os++ = *is;
+ else
+ {
+ is ++;
+ if(*is == '*')
+ {
+ /* ptt prints, keep it as normal */
+ *os++ = '*';
+ *os++ = '*';
+ }
+ else
+ {
+ /* normal ansi, strip them out. */
+ while (*is && ANSI_IN_ESCAPE(*is))
+ is++;
+ }
+ }
+ is++;
+
+ }
+
+ *os = 0;
+}
+
+static void
do_quote(void)
{
int op;
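Review bot: In `quote_strip_ansi_inline` the unconditional `is++` at the bottom of the loop steps past the terminating NUL when the string ends inside an escape sequence. That covers a bare ESC as the last byte, and a sequence whose remaining bytes all satisfy `ANSI_IN_ESCAPE`. The loop then keeps reading, and copying what it finds, beyond the end of the string. The callers in do_quote pass lines from `fgets(buf, 256, inf)`, which can cut a long line at any byte, so quoted post content can reach this case. Guard the advance with `if (*is) is++;`. Separately, the parameter is `unsigned char *` while the call sites pass `buf`, whose declaration is outside these hunks; if it is a plain `char` array, a `char *` parameter or a cast would avoid the pointer-sign mismatch.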
@@ -1233,15 +1265,19 @@ do_quote(void)
if (op != 'a') /* 去掉 header */
while (fgets(buf, 256, inf) && buf[0] != '\n');
+
if (op == 'a')
while (fgets(buf, 256, inf)) {
insert_char(':');
insert_char(' ');
- insert_string(Ptt_prints(buf, STRIP_ALL));
+ quote_strip_ansi_inline(buf);
+ insert_string(buf);
}
else if (op == 'r')
- while (fgets(buf, 256, inf))
- insert_string(Ptt_prints(buf, NO_RELOAD));
+ while (fgets(buf, 256, inf)) {
+ quote_strip_ansi_inline(buf);
+ insert_string(buf);
+ }
else {
if (curredit & EDIT_LIST) /* 去掉 mail list 之 header */
while (fgets(buf, 256, inf) && (!strncmp(buf, "※ ", 3)));
@@ -1251,7 +1287,8 @@ do_quote(void)
if (!garbage_line(buf)) {
insert_char(':');
insert_char(' ');
- insert_string(Ptt_prints(buf, STRIP_ALL));
+ quote_strip_ansi_inline(buf);
+ insert_string(buf);
}
}
}
@@ -1866,11 +1903,17 @@ edit_outs_n(const char *text, int n)
{
if(inAnsi)
{
- outc(ch);
- if(!ANSI_IN_ESCAPE(ch))
+ if(ch == ESC_CHR)
+ outc('*');
+ else
{
- inAnsi = 0;
- outs(ANSI_RESET);
+ outc(ch);
+
+ if(!ANSI_IN_ESCAPE(ch))
+ {
+ inAnsi = 0;
+ outs(ANSI_RESET);
+ }
}
}
@@ -1916,6 +1959,61 @@ edit_outs_n(const char *text, int n)
outs(ANSI_RESET);
}
+static void
+edit_ansi_outs(const char *str)
+{
+ char c;
+ while ((c = *str++)) {
+ if(c == ESC_CHR && *str == '*')
+ {
+ // ptt prints
+ /* Because moving within ptt_prints is too hard
+ * let's just display it as-is.
+ */
+ outc('*');
+ /*
+ char buf[64] = ESC_STR "*x";
+
+ str ++;
+ buf[2] = *str++;
+ Ptt_prints(buf, NO_RELOAD);
+ outs(buf);
+ */
+ } else {
+ outc(c);
+ }
+ }
+}
+
+static void
+edit_ansi_outs_n(const char *str, int n)
+{
+ char c;
+ while (n-- > 0 && (c = *str++)) {
+ if(c == ESC_CHR && *str == '*')
+ {
+ // ptt prints
+ /* Because moving within ptt_prints is too hard
+ * let's just display it as-is.
+ */
+ outc('*');
+ /*
+ char buf[64] = ESC_STR "*x";
+
+ str ++;
+ buf[2] = *str++;
+ Ptt_prints(buf, NO_RELOAD);
+ if(strlen(buf) > n+1)
+ buf[n+1] = 0;
+ outs(buf);
+ n -= strlen(buf);
+ */
+ } else {
+ outc(c);
+ }
+ }
+}
+
static inline void
display_textline_internal(textline_t *p, int i, int min, int max)
{
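Review bot: `edit_ansi_outs` and `edit_ansi_outs_n` each keep a commented-out block that calls `Ptt_prints` on editor text, which is the expansion this commit is taking out of the editor; leaving it in place invites someone to re-enable it. Delete both blocks and state the reason instead, e.g. `/* show ESC* literally as "**"; expanding it here would print the editing user's own fields */`. The two loops are identical apart from the `n` bound, so the first could be reduced to `edit_ansi_outs_n(str, (int)strlen(str));`. `display_textline_internal`, which follows, continues outside the hunk.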
@@ -1933,8 +2031,8 @@ display_textline_internal(textline_t *p, int i, int min, int max)
}
if (curr_buf->ansimode) {
- output = outs;
- output_n = outs_n;
+ output = edit_ansi_outs;
+ output_n = edit_ansi_outs_n;
}
else {
output = edit_outs;
diff --git a/mbbsd/kaede.c b/mbbsd/kaede.c
index c0b1ed23..b7f4ad56 100644
--- a/mbbsd/kaede.c
+++ b/mbbsd/kaede.c
@@ -25,6 +25,9 @@ Ptt_prints(char *str, int mode)
strlcpy(strbuf+w, Cdate(&now), sizeof(strbuf)-w);
w += strlen(strbuf+w);
break;
+
+ /* disabled for security issue.
+ * we support only entries can be queried by others now.
case 'u':
w += snprintf(&strbuf[w], sizeof(strbuf) - w,
"%d", SHM->UTMPnumber);
@@ -33,6 +36,8 @@ Ptt_prints(char *str, int mode)
w += snprintf(&strbuf[w], sizeof(strbuf) - w,
"%d/%d", cuser.month, cuser.day);
break;
+ */
+
case 'l':
w += snprintf(&strbuf[w], sizeof(strbuf) - w,
"%d", cuser.numlogins);
@@ -47,7 +52,7 @@ Ptt_prints(char *str, int mode)
break;
case 'm':
w += snprintf(&strbuf[w], sizeof(strbuf) - w,
- "%d", cuser.money);
+ "%s", money_level(cuser.money));
break;
/* It's saver not to send these undefined escape string.
default:
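Review bot: The `'m'` case has no comment explaining why it prints a level rather than the amount; the only record of the rule is the "disabled for security issue" remark inside the block comment that removes `case 'u'` and the birthday case in the two kaede.c hunks above. A line such as `/* coarse level only: the exact balance is not something other users can query */` on this case would tell a later maintainer what may and may not be added to the switch. Disabling those two cases by wrapping them in `/* ... */` is also fragile, because any `*/` later added inside them ends the comment early; deleting them, or using `#if 0`, is safer. The body of `Ptt_prints` starts and ends outside these hunks.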
diff --git a/mbbsd/talk.c b/mbbsd/talk.c
index 0d0dc6fa..039a75ef 100644
--- a/mbbsd/talk.c
+++ b/mbbsd/talk.c
@@ -377,12 +377,8 @@ int
my_query(const char *uident)
{
userec_t muser;
- int tuid, i, fri_stat = 0;
- unsigned int j;
+ int tuid, fri_stat = 0;
userinfo_t *uentp;
- const char *money[10] =
- {"債台高築", "赤貧", "清寒", "普通", "小康",
- "小富", "中富", "大富翁", "富可敵國", "比爾蓋\天"};
const char *sex[8] =
{MSG_BIG_BOY, MSG_BIG_GIRL,
MSG_LITTLE_BOY, MSG_LITTLE_GIRL,
@@ -399,14 +395,11 @@ my_query(const char *uident)
if ((uentp = (userinfo_t *) search_ulist(tuid)))
fri_stat = friend_stat(currutmp, uentp);
- j = muser.money;
- for (i = 0; i < 10 && j > 10; i++)
- j /= 10;
prints("《ID暱稱》%s(%s)%*s《經濟狀況》%s",
muser.userid,
muser.username,
(int)(26 - strlen(muser.userid) - strlen(muser.username)), "",
- money[i]);
+ money_level(cuser.money));
if (uentp && ((fri_stat & HFM && !uentp->invisible) || strcmp(muser.userid,cuser.userid) == 0))
prints(" ($%d)", muser.money);
outc('\n');
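Review bot: The new argument `money_level(cuser.money)` reports the viewer's own balance level, not the queried user's. The removed code derived the level from `muser.money`, and the line just below still prints `muser.money`. It should read `money_level(muser.money));`. As written, every profile query shows the caller's economic status next to someone else's ID. `my_query` starts and ends outside this hunk.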