1) 100 is far too low: my test hub, for example, sends me 1176 user commands at login. in particular, a popular translation script sends 702 user commands; another popular script (FunScript) sends 251. i am willing to bet other scripts like Dixbot or Leviathan also send hundreds of user commands. a better max value would be one beyond which opening a menu takes too long on a regular computer.
2) the current rule for settings in DC++ is to add them "fully" - with a UI, help, etc. for the max value, a hard-coded one would be fine by me if it were high enough. the replacing behavior should not be a setting but be standard (user commands are identified by their name). 3) the new loop that is executed on each user command addition has to be tested with hubs that send thousands of user commands. storing them in some sort of ordered map might help with performance.... 4) i would remove the log message when the limit has been reached. note also that said log message could result in quite the spam in its current state. again, this depends on the value decided in #1; if it is high enough, the log message is futile. 5) in the following: if(!lst.empty() && !lstExternal.empty()) shouldn't the AND be an OR? 6) doesn't UserCommand::FLAG_NOSAVE already accomplish the job of the new UserCommand::external? if it doesn't, add a new flag instead of a new bool. -- You received this bug notification because you are a member of Dcplusplus-team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1030613 Title: Normal users can issue CMDs Status in ADCH++: Fix Released Status in DC++: In Progress Bug description: Any client may send a CMD (only B-type tested) to the hub, distributing it to any user. If done in a bot, you can effectively send tens or hundreds of these, and a receiving client will be forced to manage them, thus potentially causing a DoS scenario. Generate the following user command in DC++ to test yourself; Command type: Raw Context: Hub menu Name: RogueCommand Command: BCMD %[mySID] Security\stest,\sbe\safraid TTHINF\sNIfoobar\n CT2 Hub address: adc:// (Above command should obviously be followed by a new line.) The hub should ignore any CMD originating from a user. Potentially allow CMDs from trusted users. To manage notifications about this bug go to: https://bugs.launchpad.net/adchpp/+bug/1030613/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~linuxdcpp-team Post to : linuxdcpp-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~linuxdcpp-team More help : https://help.launchpad.net/ListHelp
