From a2a653b72c1f5c6920f03d13a52b0a2ea3631cb8 Mon Sep 17 00:00:00 2001
From: piaip
Date: Sun, 3 Jul 2005 07:10:38 +0000
Subject: Security Update (1) **s (Ptt_prints): Only information can be queried by others will be revealed. i.e., **b(birthday), **u(utmp number) will be removed **m(money) will show level messages instead of real number (2) Reply will show as **X instead of converted message (3) Ansi (^V) mode in editor will display as **X.
git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@2878 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
---
 mbbsd/kaede.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'mbbsd/kaede.c')
diff --git a/mbbsd/kaede.c b/mbbsd/kaede.c
index c0b1ed23..b7f4ad56 100644
--- a/mbbsd/kaede.c
+++ b/mbbsd/kaede.c
@@ -25,6 +25,9 @@ Ptt_prints(char *str, int mode)
 strlcpy(strbuf+w, Cdate(&now), sizeof(strbuf)-w);
 w += strlen(strbuf+w);
 break;
+
+ /* disabled for security issue.
+ * we support only entries can be queried by others now.
 case 'u':
 w += snprintf(&strbuf[w], sizeof(strbuf) - w, "%d", SHM->UTMPnumber);
@@ -33,6 +36,8 @@ Ptt_prints(char *str, int mode)
 w += snprintf(&strbuf[w], sizeof(strbuf) - w, "%d/%d", cuser.month, cuser.day);
 break;
+ */
+
 case 'l':
 w += snprintf(&strbuf[w], sizeof(strbuf) - w, "%d", cuser.numlogins);
@@ -47,7 +52,7 @@ Ptt_prints(char *str, int mode)
 break;
 case 'm':
 w += snprintf(&strbuf[w], sizeof(strbuf) - w,
- "%d", cuser.money);
+ "%s", money_level(cuser.money));
 break;
 /* It's saver not to send these undefined escape string.
 default:
-- cgit v1.2.3
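Review bot: The `case 'u'` and `case 'b'` branches are disabled by a block comment that opens in the first hunk and closes with the `*/` added in the second hunk, so the removal depends on lines between the two hunks that are not shown here. If any of those lines ever contains its own `/* ... */`, the comment ends early and the stray `*/` breaks the build. Since the old code stays in version control, deleting both cases, or wrapping them in `#if 0` / `#endif`, is more robust, with a one-line note such as `/* 'u' (utmp number) and 'b' (birthday) removed: not queryable by other users */`. It is also worth confirming what Ptt_prints now does with these two sequences, because the `default:` label at the end of the third hunk appears to sit inside a comment as well.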
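Review bot: The new `"%s", money_level(cuser.money)` line in the third hunk keeps the `w += snprintf(&strbuf[w], sizeof(strbuf) - w, ...)` accumulation, which is unsafe once output is truncated. snprintf returns the length it would have written, so `w` can move past the end of `strbuf`, and the next `sizeof(strbuf) - w` then wraps to a very large size. A level message is a string of variable length rather than a bounded number, so this case is at least as exposed as the old `%d`; the `case 'l'` context line in the second hunk follows the same pattern. Clamp after the call, for example `if (w >= (int)sizeof(strbuf)) w = sizeof(strbuf) - 1;` (adjust the cast to the type of `w`), and confirm that `money_level()` never returns NULL, since `%s` with a null pointer is undefined. The declarations of `w` and `strbuf` and any bound check in the surrounding loop are outside the hunk, so part of this may already be handled there.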