diff options
Diffstat (limited to 'mbbsd')
| -rw-r--r-- | mbbsd/kaede.c | 44 | ||||
| -rw-r--r-- | mbbsd/pmore.c | 7 |
2 files changed, 24 insertions, 27 deletions
diff --git a/mbbsd/kaede.c b/mbbsd/kaede.c index 92b26885..d2c5da03 100644 --- a/mbbsd/kaede.c +++ b/mbbsd/kaede.c @@ -21,44 +21,36 @@ Ptt_prints(char *str, size_t size, int mode) else{ /* Note, w will increased by copied length after */ switch( str[++r] ){ - case 's': - strlcpy(strbuf+w, cuser.userid, size-w); - w += strlen(strbuf+w); - break; - case 'n': - strlcpy(strbuf+w, cuser.nickname, size-w); - w += strlen(strbuf+w); - break; - case 't': + + // secure content + + case 't': // current time strlcpy(strbuf+w, Cdate(&now), size-w); w += strlen(strbuf+w); break; - case 'u': + case 'u': // current online users w += snprintf(&strbuf[w], size - w, "%d", SHM->UTMPnumber); break; - case 'l': - w += snprintf(&strbuf[w], size - w, - "%d", cuser.numlogins); + + // insecure content + + case 's': // current user id + strlcpy(strbuf+w, cuser.userid, size-w); + w += strlen(strbuf+w); break; - case 'p': - w += snprintf(&strbuf[w], size - w, - "%d", cuser.numposts); + case 'n': // current user nickname + strlcpy(strbuf+w, cuser.nickname, size-w); + w += strlen(strbuf+w); break; - - /* disabled for security issue. - * we support only entries can be queried by others now. - */ -#ifdef LOW_SECURITY - case 'b': + case 'l': // current user logins w += snprintf(&strbuf[w], size - w, - "%d/%d", cuser.month, cuser.day); + "%d", cuser.numlogins); break; - case 'm': + case 'p': // current user posts w += snprintf(&strbuf[w], size - w, - "%d", cuser.money); + "%d", cuser.numposts); break; -#endif /* It's saver not to send these undefined escape string. default: diff --git a/mbbsd/pmore.c b/mbbsd/pmore.c index 44a405c6..afb07ecd 100644 --- a/mbbsd/pmore.c +++ b/mbbsd/pmore.c @@ -1394,7 +1394,12 @@ mf_display() buf[0] = '*'; else { - if(strchr("sbmlpn", buf[2]) != NULL) +#ifdef LOW_SECURITY +# define PTTPRINT_WARN_PATTERN "slpnbm" +#else +# define PTTPRINT_WARN_PATTERN "slpn" +#endif // LOW_SECURITY + if(strchr(PTTPRINT_WARN_PATTERN, buf[2]) != NULL) { override_attr = ANSI_COLOR(1;37;41); override_msg = PMORE_MSG_WARN_FAKEUSERINFO; |