View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005698||unreal||ircd||public||2020-06-02 18:20||2020-09-26 13:53|
|Fixed in Version||5.0.7-rc1|
|Summary||0005698: Voiced users bypass +b ~T:block and +b ~T:censor|
|Description||We upgraded from unreal 4 to 5 a few days ago and since then voiced users are able to bypass +b ~T:block and +b ~T:censor modes. This is not listed in the changelog and seems to be a regression. Some of our ~T:block have special characters, some have not. Both seem to be bypassable.|
|Steps To Reproduce||/mode #chan +b ~T:block:*test*|
send "test" with an unvoiced user, gets blocked.
send "test" with a voiced user, does not get blocked.
|Tags||No tags attached.|
|3rd party modules|
That's not a bug, but it's by design in UnrealIRCd. If you want to stop voiced users to bypass those bans, you could try to install the third party module *banfix_voice* with:
./unrealircd module install third/banfix_voice
Note: this command should be executed in the shell, inside the unrealircd folder.
Some more info about the third party module:
||This should probably make it into the changelog then, as it is a significant change of behavior from 4.x.|
There are indeed pro's and cons and I can see why it behaves that way currently, BUT.. I have to say, for me too this behavior is not what I would expect for ~T. I will look into changing it.
||Any news on this?|
Sometimes things sound like an easy change, but they are not, not at all.
commit 57d0efbc58ceadda1818f61490cb1015fba6631f (HEAD -> unreal50, origin/unreal50)
Author: Bram Matthys <email@example.com>
Date: Sat Sep 26 13:43:46 2020 +0200
Recode textbans so voiced users cannot bypass them.
Reported by Adanaran in https://bugs.unrealircd.org/view.php?id=5698
Although voiced users normally bypass bans, it is not really logical
for them to bypass filtering of banned words, since that is normally
a policy decission by channel management. So +v will not bypass it.
1) The problem is that this is enforced at the ban layer API. The extban
routines, textban in this case, are not called when the user is voiced,
because voiced users bypass bans. If we would change that in the ban API
then voiced users can also no longer talk through (=bypass) regular +b or
other extended +b such as ~a (account) etc.
2) I figured we would then make +T not use the ban API but the
can_send_to_channel hook instead. However, then you have to do manual
looping through bans and such, it's rather ugly from a coding point of view,
and you risk "missing" things like ~T stacked with ~t.
3) Then I went back to look if the ban API could be changed by having the
textban module set a flag and then the ban api would call that specific
module still for voiced users. While starting on that, unfortunately things
(variables, arguments) cascaded quickly into having to change all kinds of
underlying functions that would break the module API.
4) I then went back to option 2 and implemented it, trying to deal
with all its caveats.
|2020-06-02 18:20||Adanaran||New Issue|
|2020-06-03 06:57||PeGaSuS||Note Added: 0021606|
|2020-06-03 17:41||kenneaal||Note Added: 0021607|
|2020-06-05 16:59||syzop||Severity||major => minor|
|2020-06-05 17:01||syzop||Assigned To||=> syzop|
|2020-06-05 17:01||syzop||Status||new => acknowledged|
|2020-06-05 17:01||syzop||Note Added: 0021608|
|2020-06-27 21:34||Adanaran||Note Added: 0021653|
|2020-09-26 13:53||syzop||Status||acknowledged => resolved|
|2020-09-26 13:53||syzop||Resolution||open => fixed|
|2020-09-26 13:53||syzop||Fixed in Version||=> 5.0.7-rc1|
|2020-09-26 13:53||syzop||Note Added: 0021755|
|2020-09-26 13:53||syzop||Note Edited: 0021755||View Revisions|