diff options
| author | Adam <Adam@anope.org> | 2012-12-15 23:51:25 -0500 |
|---|---|---|
| committer | Adam <Adam@anope.org> | 2012-12-15 23:51:25 -0500 |
| commit | c49f03f985a4f142d4b050cbe57fc548e88207e4 (patch) | |
| tree | 12828c3c9e3850eece46a614bd0b72e3cc0f465d | |
| parent | 8e3ab0d10b8f1d7683d4301b66e6c0609995cff1 (diff) | |
Allow escaping brackets in webpanel templates and redirect users to the homepage when their session is not found
| -rw-r--r-- | modules/extra/webcpanel/template_fileserver.cpp | 7 | ||||
| -rw-r--r-- | modules/extra/webcpanel/webcpanel.h | 2 |
2 files changed, 8 insertions, 1 deletions
diff --git a/modules/extra/webcpanel/template_fileserver.cpp b/modules/extra/webcpanel/template_fileserver.cpp index ca2ff034f..79e583388 100644 --- a/modules/extra/webcpanel/template_fileserver.cpp +++ b/modules/extra/webcpanel/template_fileserver.cpp @@ -115,9 +115,12 @@ void TemplateFileServer::Serve(HTTPProvider *server, const Anope::string &page_n Anope::string finished; + bool escaped = false; for (unsigned j = 0; j < buf.length(); ++j) { - if (buf[j] == '{') + if (buf[j] == '\\' && j + 1 < buf.length() && (buf[j + 1] == '{' || buf[j + 1] == '}')) + escaped = true; + else if (buf[j] == '{' && !escaped) { size_t f = buf.substr(j).find('}'); if (f == Anope::string::npos) @@ -241,6 +244,8 @@ void TemplateFileServer::Serve(HTTPProvider *server, const Anope::string &page_n } else { + escaped = false; + // If the if stack is empty or we are in a true statement bool ifok = IfStack.empty() || IfStack.top(); bool forok = ForLoop::Stack.empty() || !ForLoop::Stack.back().finished(r); diff --git a/modules/extra/webcpanel/webcpanel.h b/modules/extra/webcpanel/webcpanel.h index 051bab790..511ecf354 100644 --- a/modules/extra/webcpanel/webcpanel.h +++ b/modules/extra/webcpanel/webcpanel.h @@ -88,6 +88,8 @@ class WebPanelProtectedPage : public WebPanelPage if (!panel || !(na = panel->GetNickFromSession(client, message))) { + reply.error = HTTP_FOUND; + reply.headers["Location"] = Anope::string("http") + (use_ssl ? "s" : "") + "://" + message.headers["Host"] + "/"; return true; // Access denied } |