diff options
| author |   William Heimbigner <william.heimbigner@gmail.com> | 2014-04-23 04:39:39 +0400 |
|---|---|---|
| committer | William Heimbigner <william.heimbigner@gmail.com> | 2014-04-23 04:41:05 +0400 |
| commit | 534ca688d9c9c6ecd6584e53dca5cf0b3d996632 (patch) | |
| tree | 59b32762a7bc0f2afc0a51a94759d89037567f36 | |
| parent | ac56812a5a79b5187a89cb7dcd9078c11ffed54e (diff) | |
don't check common idents/gecos in sql queries
| -rw-r--r-- | config-default/commands.xml | 25 | ||||
| -rw-r--r-- | config-default/mysql.xml | 6 | ||||
| -rw-r--r-- | modules/xml.pl | 9 |
3 files changed, 27 insertions, 13 deletions
diff --git a/config-default/commands.xml b/config-default/commands.xml index 83a583f..db04442 100644 --- a/config-default/commands.xml +++ b/config-default/commands.xml @@ -135,10 +135,10 @@ $conn->privmsg($event->replyto, "db is at http://antispammeta.net/query.html"); ]]> </command> - <command cmd="^;query (\S+) (\S+)$"> + <command cmd="^;query (\S+) ?(\S+)?$"> <![CDATA[ - my $channel = $1; - my @nuh = split(/(\!|\@)/, $2); + my $channel = defined($2) ? $1 : '%'; + my @nuh = split(/(\!|\@)/, defined($2) ? $2 : $1); my $result = $::db->query($channel, $nuh[0], $nuh[2], $nuh[4]); $conn->privmsg($event->replyto, "$result results found."); ]]> @@ -155,10 +155,12 @@ my $dbh = $::db->{DBH}; my $mnicks = $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE nick like " . $dbh->quote($nick) . ';'); - my $musers = $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE user like " . $dbh->quote($person->{user}) . ';'); + my $musers = (lc $person->{user} ~~ $::mysql->{ignoredidents}) ? "didn't check" : + $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE user like " . $dbh->quote($person->{user}) . ';'); my $mhosts = $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE host like " . $dbh->quote($person->{host}) . ';'); my $maccts = $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE account like " . $dbh->quote($person->{account}) . ';'); - my $mgecos = $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE gecos like " . $dbh->quote($person->{gecos}) . ';'); + my $mgecos = (lc $person->{gecos} ~~ $::mysql->{ignoredgecos}) ? "didn't check" : + $dbh->do("SELECT * from $::db->{ACTIONTABLE} WHERE gecos like " . $dbh->quote($person->{gecos}) . ';'); my $ip = ASM::Util->getNickIP($nick); my $matchedip = 0; @@ -176,8 +178,9 @@ $conn->privmsg($event->replyto, "I found $mnicks matches by nick, $musers user matches, $mhosts by hostname, " . "$maccts by NickServ account, $mgecos by gecos field, and $matchedip by real IP." . ' Web results are at https://antispammeta.net/cgi-bin/secret/investigate.pl?nick=' . uri_escape($nick) . - '&user=' . uri_escape($person->{user}) . '&host=' . uri_escape($person->{host}) . '&account=' . uri_escape($person->{account}) . - '&gecos=' . uri_escape($person->{gecos}) . $dq . ' )'); + ((lc $person->{user} ~~ $::mysql->{ignoredidents}) ? '' : '&user=' . uri_escape($person->{user})) . + '&host=' . uri_escape($person->{host}) . '&account=' . uri_escape($person->{account}) . + ((lc $person->{gecos} ~~ $::mysql->{ignoredgecos}) ? '' : '&gecos=' . uri_escape($person->{gecos})) . $dq . ' )'); ]]> </command> <command cmd="^;investigate2 (\S+) ?(\d*)$" flag="s"> @@ -204,10 +207,10 @@ my $dbh = $::db->{DBH}; my $query = "SELECT * from $::db->{ACTIONTABLE} WHERE nick like " . $dbh->quote($nick) . - ' or user like ' . $dbh->quote($person->{user}) . + ((lc $person->{user} ~~ $::mysql->{ignoredidents}) ? '' : ' or user like ' . $dbh->quote($person->{user})) . ' or host like ' . $dbh->quote($person->{host}) . ' or account like ' . $dbh->quote($person->{account}) . - ' or gecos like ' . $dbh->quote($person->{gecos}); + ((lc $person->{gecos} ~~ $::mysql->{ignoredgecos}) ? '' : ' or gecos like ' . $dbh->quote($person->{gecos})); my $ip = ASM::Util->getNickIP($nick); if (defined($ip)) { $query = $query . ' or ip = ' . $dbh->quote($ip); @@ -222,9 +225,7 @@ } my @data = @{$query_handle->fetchall_arrayref()}; if (@data) { - $conn->privmsg($event->replyto, 'Sending you the results...'); # ( https://antispammeta.net/cgi-bin/secret/investigate.pl?nick=' . uri_escape($nick) . -# '&user=' . uri_escape($person->{user}) . '&host=' . uri_escape($person->{host}) . '&account=' . uri_escape($person->{account}) . -# '&gecos=' . uri_escape($person->{gecos}) . "$dq )"); + $conn->privmsg($event->replyto, 'Sending you the results...'); } else { $conn->privmsg($event->replyto, 'No results to send!'); } diff --git a/config-default/mysql.xml b/config-default/mysql.xml index 10aca77..a633813 100644 --- a/config-default/mysql.xml +++ b/config-default/mysql.xml @@ -6,4 +6,10 @@ <actiontable>actionlog</actiontable> <host>localhost</host> <port>3307</port> + <ignoredidents> + <ident>~chatzilla</ident> + </ignoredidents> + <ignoredgecos> + <geco>new now know how</geco> + </ignoredgecos> </mysql> diff --git a/modules/xml.pl b/modules/xml.pl index a3c6e85..9224649 100644 --- a/modules/xml.pl +++ b/modules/xml.pl @@ -16,7 +16,8 @@ sub readXML { $::channels = $::xs1->XMLin( "$p/channels.xml", ForceArray => \@fchan ); $::users = $::xs1->XMLin( "$p/users.xml", ForceArray => 'person'); $::commands = $::xs1->XMLin( "$p/commands.xml", ForceArray => [qw/command/]); - $::mysql = $::xs1->XMLin( "$p/mysql.xml", ForceArray => []); + $::mysql = $::xs1->XMLin( "$p/mysql.xml", ForceArray => ['ident', 'geco'], + 'GroupTags' => { ignoredidents => 'ident', ignoredgecos => 'geco' }); $::dnsbl = $::xs1->XMLin( "$p/dnsbl.xml", ForceArray => []); $::rules = $::xs1->XMLin( "$p/rules.xml", ForceArray => []); $::restrictions = $::xs1->XMLin( "$p/restrictions.xml", ForceArray => ['host', 'nick', 'account']); @@ -29,9 +30,15 @@ sub writeXML { writeUsers(); writeRestrictions(); writeBlacklist(); + writeMysql(); # $::xs1->XMLout($::commands, RootName => 'commands', KeyAttr => ['id']) > io("$::cset/commands.xml"); } +sub writeMysql { + $::settingschanged=1; + $::xs1->XMLout($::mysql, RootName => 'mysql', KeyAttr => ['id']) > io("$::cset/mysql.xml"); +} + sub writeChannels { $::settingschanged=1; $::xs1->XMLout($::channels, RootName => 'channels', KeyAttr => ['id'], NumericEscape => 2) > io("$::cset/channels.xml"); |