View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002588 | unreal | ircd | public | 2005-07-06 21:29 | 2015-10-30 12:51 |
| Reporter | JasonTik | Assigned To | syzop | ||
| Priority | normal | Severity | minor | Reproducibility | N/A |
| Status | closed | Resolution | no change required | ||
| Product Version | 3.2.3 | ||||
| Summary | 0002588: Spamfilter target c with /me | ||||
| Description | When using a spamfilter with ^ or $, it will not match actions. This is probably unintended, but is a problem for users who may be trusting spamfilter to do this. I recommend that the '\001ACTION ' and '\001' be dropped before the spamfilter is checked. | ||||
| 3rd party modules | |||||
|
|
Actually, I think you just shouldn't be using ^ and $ in such a case... codemastr? |
|
|
Or if you do: ^(\1ACTION )?<texthere>\1?$ |
|
|
Don't you mean "\x01" instead of "\1"? "\1" is a backreference... |
|
|
aquanight, I know this, and will do it myself, but I'm just pointing out that this will be concerning for users who expect actions to be blocked. (One came into #unreal-support, prompting me to explain just that, and to submit this bugreport) |
|
|
Uh, why go through the extra hassle of mangling with things even more when you can just fix it and use a proper regex that is meant to handle this kind of thing like we did for this guy? ie: telling him to remove ^$. "it's impractical in some situations": Then write a spamfilter that optionally matches the whole \001ACTION \001 stuff. (\001ACTION )?blah\001? (Correct me if I'm wrong on that example) I don't see the point of doing EXTRA mangling of strings when spamfilter is already so CPU-heavy. Maybe something should be added to the docs about this though? |
|
|
Bump. Still an issue? |
|
|
To be honest; I would EXPECT to see the \001ACTION and \001 when I am creating a regex. Much like how I can except the full user!ident@host:Real name, when checking for 'u'. For instance, all the spamfilters that are protecting for DCC exploits, those would be somewhat broken if \001ACTIOn was stripped while matching. If a user isn't able to figure out how the protocol works, they shouldn't be touching a regex spamfilter anyway. I see many spamfilters created that are completely invalid anyway (people using a generic wildcard string). |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2005-07-06 21:29 | JasonTik | New Issue | |
| 2005-07-06 21:31 | syzop | Note Added: 0010206 | |
| 2005-07-07 11:56 | aquanight | Note Added: 0010208 | |
| 2005-07-07 13:55 | Stealth | Note Added: 0010209 | |
| 2005-07-08 18:41 | JasonTik | Note Added: 0010213 | |
| 2005-07-09 06:10 | w00t | Note Added: 0010216 | |
| 2007-04-19 04:47 |
|
Note Added: 0013598 | |
| 2007-04-27 03:13 |
|
Status | new => feedback |
| 2010-04-15 09:22 | driew | Note Added: 0016068 | |
| 2015-10-30 12:50 | syzop | Status | feedback => closed |
| 2015-10-30 12:51 | syzop | Assigned To | => syzop |
| 2015-10-30 12:51 | syzop | Resolution | open => no change required |
