Open luk3yx opened 6 years ago
sofar
commented
5 years ago Yes, but, can we please maybe get some logging in the console as well if players want to cause floods this way? Silently dropping output may also cause unintentional side effects, so we should consider replying back with an error message and throttling the user for at least a few seconds, too.
luk3yx
commented
5 years ago What about adding ... to the end of long messages?
PRIVMSG #channel :A really long testing messag...I'd almost favor dropping the message and sending an error to the client. That may help prevent floods.
luk3yx
commented
5 years ago That would need a change somewhere else, there may be rouge irc.say()-s in other mods that need fixing too.
Forces all messages to be at most 512 bytes, to stop
cmd help allfrom theirc_commandsDoSing the server (making it quit with the messageRecvQ exceeded).This is done in the core IRC mod so it limits everything rather than just
irc_commands.Credit to @bigfoot547 for finding this vulnerability.