Package: cgiirc
Version: 0.5.4-6
Severity: normal
Tags: patch

Please don't impose restrictions in the nickname valid charset. It depends on 
the server-side implementation which characters will be accepted in a nickname, 
and there's way to detect that beforehand.

See for example UnrealIRCd that accepts several charsets (iso8859-1, etc).

  http://www.vulnscan.org/UnrealIRCd/unreal32docs.html#feature_nickchars

This patch is in upstream BTS:

  http://cvs.cgiirc.org/tktview?tn=144

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-amd64-k8
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL 
set to C)

Versions of packages cgiirc depends on:
ii  libc6                         2.3.6-7    GNU C Library: Shared libraries
ii  perl                          5.8.8-3    Larry Wall's Practical Extraction 

Versions of packages cgiirc recommends:
ii  apache [httpd]                1.3.34-2   versatile, high-performance HTTP s

-- no debconf information
diff -ur cgiirc-0.5.4.old/interfaces/default.pm 
cgiirc-0.5.4/interfaces/default.pm
--- cgiirc-0.5.4.old/interfaces/default.pm      2003-10-31 19:51:24.000000000 
+0100
+++ cgiirc-0.5.4/interfaces/default.pm  2006-04-30 11:36:32.000000000 +0200
@@ -94,23 +94,12 @@
    document.loginform["interface"].value = 'opera';
  }
 }
-function nickvalid() {
-   var nick = document.loginform.Nickname.value;
-   if(nick.match(/^[A-Za-z0-9\\[\\]\\{\\}^\\\\\\|\\_\\-\`]{1,32}\$/))
-      return true;
-   alert('Please enter a valid nickname');
-   document.loginform.Nickname.value = 
nick.replace(/[^A-Za-z0-9\\[\\]\\{\\}^\\\\\\|\\_\\-\`]/g, '');
-   return false;
-}
 EOF
 }else{ # dummy functions
 print <<EOF;
 function setjs() {
    return true;
 }
-function nickvalid() {
-   return true;
-}
 EOF
 }
 print <<EOF;
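Review bot: removing nickvalid() from both branches also drops the only client-side empty-field check (the `{1,32}` quantifier in the removed regex), so a blank Nickname now submits without any feedback. Consider keeping a minimal nickvalid() that rejects only an empty value and leaves the character set to the server.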
@@ -124,7 +113,7 @@
    print "<font size=\"+1\" color=\"red\">Your browser does not correctly 
support CGI:IRC, it might not work or other problems may occur. Please consider 
upgrading.</font>\n";
 }
 print <<EOF;
-<form method="post" action="$this" name="loginform" onsubmit="setjs();return 
nickvalid()">
+<form method="post" action="$this" name="loginform" onsubmit="setjs();return 
true">
 EOF
 print "<input type=\"hidden\" name=\"interface\" value=\"" . 
    ($interface eq 'default' ? 'nonjs' : $interface) . "\">\n";
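Review bot: the trailing `return true` in the new onsubmit attribute is a no-op, because a handler that does not return false lets the form submit anyway. `onsubmit="setjs()"` expresses the same behaviour with less noise.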
diff -ur cgiirc-0.5.4.old/modules/IRC/Util.pm cgiirc-0.5.4/modules/IRC/Util.pm
--- cgiirc-0.5.4.old/modules/IRC/Util.pm        2003-10-27 18:18:52.000000000 
+0100
+++ cgiirc-0.5.4/modules/IRC/Util.pm    2006-04-30 11:36:05.000000000 +0200
@@ -14,9 +14,6 @@
 }
 
 sub is_vaild_nickname {
-   return 0 if length $_[0] > 32 or length $_[0] < 1;
-   return 0 if $_[0] =~ /[^A-Za-z0-9-_\[\]\\\`\^\{\}\|]/;
-   return 0 if $_[0] =~ /^[^A-Za-z_\\\[\]\`\^\{\}\|]/;
    return 1;
 }
 
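Review bot: with all three checks removed, is_vaild_nickname returns 1 for every input, including the empty string and values of any length, so any caller relying on it no longer filters anything. Relaxing the charset does not require dropping the length test, and a deny-list is compatible with the goal of this report: reject only the bytes that delimit IRC messages and so cannot be part of a nickname on any server (NUL, CR, LF, space), e.g. `return 0 if $_[0] =~ /[\x00\x0a\x0d\x20]/;`. The 32-character ceiling could become a larger or configurable bound rather than disappearing.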
diff -ur cgiirc-0.5.4.old/nph-irc.cgi cgiirc-0.5.4/nph-irc.cgi
--- cgiirc-0.5.4.old/nph-irc.cgi        2004-01-29 12:24:48.000000000 +0100
+++ cgiirc-0.5.4/nph-irc.cgi    2006-04-30 11:36:05.000000000 +0200
@@ -1067,8 +1067,6 @@
    ($cgi->{port}) = $cgi->{port} =~ /(\d+)/;
 
    $cgi->{nick} =~ s/\?/int rand 10/eg;
-   # Only valid nickname characters
-   $cgi->{nick} =~ s/[^A-Za-z0-9\[\]\{\}^\\\|\_\-\`]//g;
 
    $interface = load_interface();
  
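Review bot: after this hunk the only transformation left on $cgi->{nick} here is the ?-to-digit substitution, and the same patch makes is_vaild_nickname always return 1, so nothing visible in the patch filters the CGI parameter server-side any more. Instead of deleting the substitution, narrow it to a deny-list that strips control characters and whitespace, for example `$cgi->{nick} =~ s/[\x00-\x20]//g;`, which leaves ISO-8859-1 and other high bytes intact while keeping CR and LF out of the value.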
