As it seems that no one is unable to confirm this, I made an user command that will make all DC++ users unable to send main chat messages: BSTA %[mySID] 225 Chatting\sdisabled FCBMSG
I also quickly looked at the other command handling code and that isn't the only command that isn't validated properly... Disconnect all users by causing a decompression error: BZON %[mySID] 123 Prompt all users for a password and prevent them from sending any outgoing commands after that (ADCH++ won't broadcast this but Flexhub and uhub will do that): BGPA %[mySID] 123 Reset the session password from all users: BSTA %[mySID] 223 Session\spass\sreset -- You received this bug notification because you are a member of Dcplusplus-team, which is subscribed to DC++. https://bugs.launchpad.net/bugs/1189975 Title: Forbidden commands in ADC Status in DC++: New Bug description: When DC++ receives a STA message with code 25, it adds the command in to the list of forbidden outgoing commands. However, the client doesn't check that the STA message originates from the hub, so any other client could send malicious STA messages and prevent DC++ from sending any outgoing command via the hub. The fix is rather trivial. I generally dislike the way how code 25 is handled, as DC++ doesn't notify the user when it blocks a command and neither when an outgoing command is disregarded right before sending. To manage notifications about this bug go to: https://bugs.launchpad.net/dcplusplus/+bug/1189975/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~linuxdcpp-team Post to : linuxdcpp-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~linuxdcpp-team More help : https://help.launchpad.net/ListHelp
