Address 2 QWK/REP-importing security issues:

1. If QWKE was enabled for the QWKnet account on the Hub, a user could spoof their name with a "From:" QWKE kludge line in the message body. Fixed by not processing QWKE "From:" kludge lines at all, ever. 2. If an @VIA kludge line was in the message body, it could over-ride the correct value from the HEADERS.DAT (oops). Really, the SENDERNET* lines in the HEADERS.DAT were always being overriden by either the @VIA kludge line (if present) or just the auto-genereated SENDERNET info (from the QWK-ID of the QWKnet account or hub. Normally, in a single hop QWKnet message, there will be no @VIA line, so spoofing is still possible in that case.

Address 2 QWK/REP-importing security issues:
0e99d274 · rswindell · 6ad0db8c · 0e99d274
Commit 0e99d274 authored 8 years ago by rswindell
--- a/src/sbbs3/qwktomsg.cpp
+++ b/src/sbbs3/qwktomsg.cpp
@@ -382,8 +382,9 @@ bool sbbs_t::qwk_import_msg(FILE *qwk_fp, char *hdrblk, ulong blocks

 	/* Parse QWK Kludges (QWKE standard and SyncQNET legacy) here: */
 	if(useron.rest&FLAG('Q') || fromhub) {      /* QWK Net */
-		if((p=iniGetString(kludges,ROOT_SECTION,"@VIA",NULL,NULL)) != NULL) {
-			if(!fromhub)
+		if((msg->from_net.type == NET_QWK && (p=(char*)msg->from_net.addr) != NULL)
+			|| (p=iniGetString(kludges,ROOT_SECTION,"@VIA",NULL,NULL)) != NULL) {
+			if(!fromhub && p != msg->from_net.addr)
 				set_qwk_flag(QWK_VIA);
 			if(route_circ(p,cfg.sys_id)) {
 				bprintf("\r\nCircular message path: %s\r\n",p);
@@ -410,7 +411,6 @@ bool sbbs_t::qwk_import_msg(FILE *qwk_fp, char *hdrblk, ulong blocks
 		net_type=NET_QWK;
 		smb_hfield_netaddr(msg, SENDERNETADDR, str, &net_type);
 		smb_hfield_bin(msg,SENDERNETTYPE,net_type);
-
 	} else {
 		sprintf(str,"%u",useron.number);
 		smb_hfield_str(msg,SENDEREXT,str);
@@ -448,9 +448,7 @@ bool sbbs_t::qwk_import_msg(FILE *qwk_fp, char *hdrblk, ulong blocks
 		smb_hfield_replace_str(msg,SUBJECT,p);
 	if((p=iniGetString(kludges,ROOT_SECTION,"To",NULL,NULL)) != NULL)
 		smb_hfield_replace_str(msg,RECIPIENT,p);
-	if((useron.rest&FLAG('Q'))
-		&& (p=iniGetString(kludges,ROOT_SECTION,"From",NULL,NULL)) != NULL)
-		smb_hfield_replace_str(msg,SENDER,p);
+	/* Don't use the From: kludge, for security reasons */

 	strListFree(&kludges);