Use better command access checking in webpanel for operserv/akill

author: Adam <Adam@anope.org> 2014-02-13 19:42:02 -0500
committer: Adam <Adam@anope.org> 2014-02-13 19:42:02 -0500
commit: f428d6104510df6ed5ddb65e3baf86eeade6e069 (patch)
tree: 60df6c5575b1cb5630a615f8a7ceff7162cd8f51 /modules
parent: fc50edf04631235b08d484cbd48c5826b40728cc (diff)
2 files changed, 11 insertions, 1 deletions
diff --git a/modules/webcpanel/pages/operserv/akill.cpp b/modules/webcpanel/pages/operserv/akill.cpp
index 24f1dbf63..e23141915 100644
--- a/modules/webcpanel/pages/operserv/akill.cpp
+++ b/modules/webcpanel/pages/operserv/akill.cpp
@@ -16,7 +16,7 @@ bool WebCPanel::OperServ::Akill::OnRequest(HTTPProvider *server, const Anope::st
 
 	static ServiceReference<XLineManager> akills("XLineManager","xlinemanager/sgline");
 
-	if (!na->nc->IsServicesOper() && !(na->nc->o && na->nc->o->ot && na->nc->o->ot->HasPriv("operserv/akill")))
+	if (!na->nc->o || !na->nc->o->ot->HasCommand("operserv/akill"))
 	{
 		replacements["NOACCESS"];
 	}
diff --git a/modules/webcpanel/webcpanel.cpp b/modules/webcpanel/webcpanel.cpp
index 0c1fc3903..bf0a31540 100644
--- a/modules/webcpanel/webcpanel.cpp
+++ b/modules/webcpanel/webcpanel.cpp
@@ -240,6 +240,9 @@ namespace WebPanel
 			return;
 		}
 
+		if (params.size() < cmd->min_params)
+			return;
+
 		BotInfo *bi = Config->GetClient(service);
 		if (!bi)
 		{
@@ -263,6 +266,13 @@ namespace WebPanel
 		my_reply(r, key);
 
 		CommandSource source(user, NULL, nc, &my_reply, bi);
+
+		if (!cmd->AllowUnregistered() && !source.nc)
+		{
+			r[key] = "Access denied.";
+			return;
+		}
+
 		cmd->Execute(source, params);
 	}
 }
author	Adam <Adam@anope.org>	2014-02-13 19:42:02 -0500
committer	Adam <Adam@anope.org>	2014-02-13 19:42:02 -0500
commit	f428d6104510df6ed5ddb65e3baf86eeade6e069 (patch)
tree	60df6c5575b1cb5630a615f8a7ceff7162cd8f51 /modules
parent	fc50edf04631235b08d484cbd48c5826b40728cc (diff)