zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security and optimizations

Browse Source
This commit is contained in:
zefie
2025-08-05 23:24:13 -04:00
parent fe0e9550da
commit 181b5177ab
3 changed files with 79 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
zefie_wtvp_minisrv/includes/classes/WTVClientSessionData.js
View File

@@ -469,7 +469,9 @@ class WTVClientSessionData {
"contentType": contentType
}));
return true;
} catch {}
} catch (e) {
console.error("Error in addToScrapbook:", e);
}
return false;
}

22
zefie_wtvp_minisrv/includes/classes/WTVIRC.js
View File

@@ -93,7 +93,6 @@ class WTVIRC {
this.maxtargets = this.irc_config.max_targets || 4;
this.socket_timeout = 75; // Default socket timeout to 75 seconds, most clients will send PINGs every 60 seconds, so this should be enough to catch lost connections
this.server_hello = this.irc_config.server_hello || `zefIRCd v${this.version} IRC server powered by minisrv`;
this.enable_eval = this.debug || false; // Enable eval in debug mode only
this.serverId = this.irc_config.server_id || '00A'; // Default server ID, can be overridden in config
this.allow_public_vhosts = this.irc_config.allow_public_vhosts || true; // If true, users can set their host to a virtual host that is not a real hostname or IP address, if false, only opers can.
this.kick_insecure_users_on_secure = this.irc_config.kick_insecure_users_on_secure || true; // If true, users without SSL connections will be kicked from a channel when +Z is applied
@@ -2796,27 +2795,6 @@ class WTVIRC {
}
}
break;
case 'EVAL':
// VERY DANGEROUS
if (!this.checkRegistered(socket)) {
break;
}
if (!this.isIRCOp(socket.nickname)) {
await this.safeWriteToSocket(socket, `:${this.servername} 481 ${socket.nickname} :Permission denied - you are not an IRC operator\r\n`);
this.debugLog('warn', `EVAL command attempted by non-IRCOp: ${socket.nickname}`);
break;
}
if (!this.enable_eval) {
await this.safeWriteToSocket(socket, `:${this.servername} 404 ${socket.nickname} :Eval is disabled\r\n`);
break;
}
try {
const result = eval(params.join(' '));
await this.safeWriteToSocket(socket, `:${this.servername} 200 ${socket.nickname} :${result}\r\n`);
} catch (error) {
await this.safeWriteToSocket(socket, `:${this.servername} 500 ${socket.nickname} :Error evaluating expression\r\n`);
}
break;
case 'KILL':
if (!this.checkRegistered(socket)) {
break;