From 505caf5ab5bc2a7aaddf64463f602b19a89f9221 Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Sun, 28 Apr 2019 09:31:41 +0000
Subject: [PATCH] A bit more input validation around the IRC server/channel.

---
 exec/chat_sec.js | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/exec/chat_sec.js b/exec/chat_sec.js
index 9f41eeff02..19cc678b20 100644
--- a/exec/chat_sec.js
+++ b/exec/chat_sec.js
@@ -48,7 +48,7 @@ while(1) {
 	bbs.nodesync();
 	write("\r\n\x01_\x01y\x01hChat: \x01n");
 
-	var keys = "ACDJLPQRST?\r";
+	var keys = "ACDJPQRST?\r";
 	if(options.irc)
 		keys += "I";
 	if(options.finger)
@@ -85,13 +85,17 @@ while(1) {
 			if(user.security.level >= options.irc_seclevel || user.security.exemptions&UFLAG_C) {
 				write("\r\n\x01n\x01y\x01hIRC Server: ");
 				server=console.getstr(options.irc_server, 40, K_EDIT|K_LINE|K_AUTODEL);
-				if(console.aborted)
+				if(console.aborted || server.length < 4)
 					break;
 			}
+			if(server.indexOf(' ') < 0)
+				server += " 6667";
 			write("\r\n\x01n\x01y\x01hIRC Channel: ");
 			var channel=console.getstr(options.irc_channel, 40, K_EDIT|K_LINE|K_AUTODEL);
-			if(!console.aborted)
+			if(!console.aborted && channel.length) {
+				log("IRC to " + server + " " + channel);
 				bbs.exec("?irc -a " + server + " " + channel); // can't be load()ed because it calls exit()
+			}
 			break;
 		}
 		case 'J':
-- 
GitLab