[IRCServices Coding] Services 5.0 alpha 9 released

Andrew Church achurch at achurch.org
Wed Dec 26 03:08:51 PST 2001 

>I was playing with the httpd/dbaccess/xml-export module, and IE6's
>usually annoying XML syntax checking pointed something out. Where
>there's an ampersand in a last_quit field, it replaces it with
>"&amp-" as opposed to the correct "&", which causes IE to choke
>:). The context is as follows:
>
><nickinfo>
><nick>[nick]</nick>
>...
><last_quit>Quit: Peace &amp- Protection 4.06</last_quit>
>...
><nickinfo>

     Okay, that was a stupid one... an off-by-one error in a memcpy() size
argument.  Fixed, thanks; the patch is as follows:

---------------------------------------------------------------------------
--- modules/misc/xml-export.c	19 Dec 2001 16:35:13 -0000	2.2
+++ modules/misc/xml-export.c	25 Dec 2001 18:12:42 -0000	2.3
@@ -94,7 +94,7 @@
 	    d += 4;
 	    break;
 	  case '&':
-	    memcpy(d, "&amp;", 4);
+	    memcpy(d, "&amp;", 5);
 	    d += 5;
 	    break;
 	  default:
---------------------------------------------------------------------------

>Also, it seems to pad every <supass> or <pass> field with lots of
>"&#0;" null chars:
><supass>mysupass&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&
>#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;</supass>
><pass>&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0
>;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;&#0;</pa
>ss>

     This is because the export-xml module can't know that the encryption
module (if one is in use) uses a null character as a string terminator.
In point of fact, the MD5 encryption module stores the passwords as 16 raw
bytes rather than 32 hex characters, so null characters can very possibly
appear in the middle of a password.  Thus, passwords are stored as raw
buffers of data (properly XML-encoded).

>Also, on my #chat channel on the v4 installation, Voice is set to
>level 0, so everyone is voiced when they join. However, when my AOPs
>join #chat on the v5 net, they get set +hq, and normal users don't
>get anything, which is rather odd (possibly to do with me not running
>the xOP module or something...). I'm continuing to investigate this
>one.

     You should probably look into what check_access_cumode()
(modules/chanserv/access.c) is doing; that part of the code has been
thoroughly redone and gotten almost no testing.  I'm not sure what would
cause the autovoice level to get set to 0.

  --Andrew Church
    achurch at achurch.org
    http://achurch.org/