security: strip newlines embedded in parameters to prevent arbitrary command execution

2013-07-19 13:01:34 -05:00 · 2013-07-19 13:01:34 -05:00 · 1281756d49
parent 4bc268f5a4
commit 1281756d49
1 changed files with 1 additions and 0 deletions
--- a/core/irc.py
+++ b/core/irc.py
@ -17,6 +17,7 @@ def decode(txt):


 def censor(text):
+    text = text.replace('\n', '').replace('\r', '')
    replacement = '[censored]'
    if 'censored_strings' in bot.config:
        words = map(re.escape, bot.config['censored_strings'])