Author Topic: Bug in Subcommand check (Read 10135 times)

Temar · « **on:** February 13, 2008, 03:45:41 am »

im guessing that $ = NO subcommands allowed

in AccessControl.php function check_rights
it does a Check
if (isset($this -> access_cache[strtolower($command)]['$'][strtolower($channel)]))
IF
if ($subcommand === false)
wat if it isnt false? (which is when it NEEDS it most
i dont see a check

this is all asuming im guessing right about what $ means

Alreadythere · « **Reply #1 on:** February 13, 2008, 12:08:46 pm »

subcommand = "$" in the table means that no parameter or subcommand is allowed for this access right entry. Only !command without any further text is valid. This case only can happen if no subcommand exists, that's why it's in the $subcommand === false branch.

If $subcommand !== false we got a subcommand, so the $ entry cannot be valid anyways. That means we don't need to check for it, as the default behaviour of check_rights() is to return false. Which will happen if no valid subcommand entry for access rights is found.

So no, I think there is no bug here.

Blueeagle · « **Reply #2 on:** February 13, 2008, 04:46:51 pm »

Speaking of sub-commands when you look at any commandline program they use a dash or a slash to mark options. Is this something we should concider?

The syntax would then become something like !member -add Someuser

I am pretty sure that it will make a uniform options handler much easier to implement.

Alternately each module might make an array $subcom[]='add'; $subcom[]='del'; and one could loop trough it. Any thoughts on such an alternate implementation?

Temar · « **Reply #3 on:** February 13, 2008, 04:51:40 pm »

so if some one does more than just command it will get denied because it can't find access level

I don't see any use for it tho as a module that uses command only could just ignor the rest

Alreadythere · « **Reply #4 on:** February 13, 2008, 06:10:28 pm »

Check the !member command. Without any parameter it shows the memberlist, with add/del as parameter is changes it. Some bot admins may want to allow all members to check the memberlist, but in most cases they don't want non-admins to change it. This case can only be handled with something like $.