View Issue Details

IDProjectCategoryView StatusLast Update
0005515unrealircdpublic2019-12-29 20:56
ReporterPeGaSuSAssigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
PlatformUnixOSUbuntuOS Version18.04 LTS
Product Version5.0.0 
Target VersionFixed in Version 
Summary0005515: Restrict /INVITE command to users having at least +h (halfop) in the channel
DescriptionCurrently, the /INVITE command can be executed by anyone in the channel (being registered or not), which can lead to some abuse from possible botnets or annoying users.

Would be good to deny this command to any user that isn't at least +h (halfop) in the channel.

Cheers!
Steps To Reproduce1) Join any user (registered or not) to any channel (registered or not)
2) Type: /INVITE nick
3) The command will be executed and the target will be invited
Tagsaccess control, access lists, security
3rd party modules

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-12-29 20:56 PeGaSuS New Issue
2019-12-29 20:56 PeGaSuS Tag Attached: access control
2019-12-29 20:56 PeGaSuS Tag Attached: access lists
2019-12-29 20:56 PeGaSuS Tag Attached: security