diff options
| author | Sadie Powell <sadie@witchery.services> | 2025-02-13 01:54:57 +0000 |
|---|---|---|
| committer | Sadie Powell <sadie@witchery.services> | 2025-02-13 01:54:57 +0000 |
| commit | 1e82b4075e6982d32a6ed5d29ee79ab8fd81fe2e (patch) | |
| tree | 92680c65769d48bb1f7da36dbe88d12f38a10330 | |
| parent | f8c1b8f4f9bcb06242aa7d7360ea610764565c75 (diff) | |
Make the RPC API sanitize automatically.
| -rw-r--r-- | include/modules/rpc.h | 2 | ||||
| -rw-r--r-- | modules/rpc/rpc_main.cpp | 32 | ||||
| -rw-r--r-- | modules/rpc/xmlrpc.cpp | 4 |
3 files changed, 18 insertions, 20 deletions
diff --git a/include/modules/rpc.h b/include/modules/rpc.h index b3c8afdb4..c03a2b8d4 100644 --- a/include/modules/rpc.h +++ b/include/modules/rpc.h @@ -44,7 +44,5 @@ public: virtual void Unregister(RPCEvent *event) = 0; - virtual Anope::string Sanitize(const Anope::string &string) = 0; - virtual void Reply(RPCRequest &request) = 0; }; diff --git a/modules/rpc/rpc_main.cpp b/modules/rpc/rpc_main.cpp index 4a87d9e05..7df98bd5e 100644 --- a/modules/rpc/rpc_main.cpp +++ b/modules/rpc/rpc_main.cpp @@ -116,7 +116,7 @@ private: Command::Run(source, command); if (!out.empty()) - request.reply("return", iface->Sanitize(out)); + request.reply("return", out); } } } @@ -163,24 +163,24 @@ private: Channel *c = Channel::Find(request.data[0]); - request.reply("name", iface->Sanitize(c ? c->name : request.data[0])); + request.reply("name", c ? c->name : request.data[0]); if (c) { request.reply("bancount", Anope::ToString(c->HasMode("BAN"))); int count = 0; for (auto &ban : c->GetModeList("BAN")) - request.reply("ban" + Anope::ToString(++count), iface->Sanitize(ban)); + request.reply("ban" + Anope::ToString(++count), ban); request.reply("exceptcount", Anope::ToString(c->HasMode("EXCEPT"))); count = 0; for (auto &except : c->GetModeList("EXCEPT")) - request.reply("except" + Anope::ToString(++count), iface->Sanitize(except)); + request.reply("except" + Anope::ToString(++count), except); request.reply("invitecount", Anope::ToString(c->HasMode("INVITEOVERRIDE"))); count = 0; for (auto &invite : c->GetModeList("INVITEOVERRIDE")) - request.reply("invite" + Anope::ToString(++count), iface->Sanitize(invite)); + request.reply("invite" + Anope::ToString(++count), invite); Anope::string users; for (Channel::ChanUserList::const_iterator it = c->users.begin(); it != c->users.end(); ++it) @@ -191,14 +191,14 @@ private: if (!users.empty()) { users.erase(users.length() - 1); - request.reply("users", iface->Sanitize(users)); + request.reply("users", users); } if (!c->topic.empty()) - request.reply("topic", iface->Sanitize(c->topic)); + request.reply("topic", c->topic); if (!c->topic_setter.empty()) - request.reply("topicsetter", iface->Sanitize(c->topic_setter)); + request.reply("topicsetter", c->topic_setter); request.reply("topictime", Anope::ToString(c->topic_time)); request.reply("topicts", Anope::ToString(c->topic_ts)); @@ -212,25 +212,25 @@ private: User *u = User::Find(request.data[0]); - request.reply("nick", iface->Sanitize(u ? u->nick : request.data[0])); + request.reply("nick", u ? u->nick : request.data[0]); if (u) { - request.reply("ident", iface->Sanitize(u->GetIdent())); - request.reply("vident", iface->Sanitize(u->GetVIdent())); - request.reply("host", iface->Sanitize(u->host)); + request.reply("ident", u->GetIdent()); + request.reply("vident", u->GetVIdent()); + request.reply("host", u->host); if (!u->vhost.empty()) - request.reply("vhost", iface->Sanitize(u->vhost)); + request.reply("vhost", u->vhost); if (!u->chost.empty()) - request.reply("chost", iface->Sanitize(u->chost)); + request.reply("chost", u->chost); request.reply("ip", u->ip.addr()); request.reply("timestamp", Anope::ToString(u->timestamp)); request.reply("signon", Anope::ToString(u->signon)); if (u->IsIdentified()) { - request.reply("account", iface->Sanitize(u->Account()->display)); + request.reply("account", u->Account()->display); if (u->Account()->o) - request.reply("opertype", iface->Sanitize(u->Account()->o->ot->GetName())); + request.reply("opertype", u->Account()->o->ot->GetName()); } Anope::string channels; diff --git a/modules/rpc/xmlrpc.cpp b/modules/rpc/xmlrpc.cpp index f1db6efba..dc1f8d4e7 100644 --- a/modules/rpc/xmlrpc.cpp +++ b/modules/rpc/xmlrpc.cpp @@ -54,7 +54,7 @@ public: this->events.erase(it); } - Anope::string Sanitize(const Anope::string &string) override + static Anope::string Sanitize(const Anope::string &string) { Anope::string ret = string; for (int i = 0; !special[i].character.empty(); ++i) @@ -189,7 +189,7 @@ public: Anope::string r = "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n<methodResponse>\n<params>\n<param>\n<value>\n<struct>\n"; for (const auto &[name, value] : request.get_replies()) - r += "<member>\n<name>" + name + "</name>\n<value>\n<string>" + this->Sanitize(value) + "</string>\n</value>\n</member>\n"; + r += "<member>\n<name>" + this->Sanitize(name) + "</name>\n<value>\n<string>" + this->Sanitize(value) + "</string>\n</value>\n</member>\n"; r += "</struct>\n</value>\n</param>\n</params>\n</methodResponse>"; request.r.Write(r); |