1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • exec/imapservice.js exec/load/822header.js

    From Deucе@VERT to Git commit to main/sbbs/master on Mon Nov 11 01:43:03 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/830fb14ebae2ebb964528ea4
    Modified Files:
    exec/imapservice.js exec/load/822header.js
    Log Message:
    Fix what appears to be a potential security hole (and some other stuff)

    If the INI file could not be opened, a failure would be returned,
    but authentication would (potentially) succeed. I can't think of
    a way to exploit this, but it's getting late.

    Also, make some minor optimizations that won't make a difference yet,
    and move opening the file into a single function.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net