Fix typos
src: Yearly copyright bump This time on time!
Fix a security issue with LDAP usernames LDAP usernames are directly concatenated into the filter query, which opens up the risk of unauthenticated LDAP injection, potentially allowing to bypass the authentication. To solve this, apply escaping as per RFC 4515. Co-authored-by: Shane Synan <digitalcircuit36939@gmail.com> Co-authored-by: Manuel Nickschas <sputnick@quassel-irc.org>
common: strip format codes for Message ignores Strip IRC formatting codes from the message for ignore rules that match on Message contents. Pros: * Easier to set ignore rules for rainbow-messages or other format spam * Consistent with highlight rules/highlight ignore rules Cons: * Not possible to ignore messages matching a specific format pattern * Breaks existing ignores written to handle mid-message format codes Alternative: make it a setting! Requires protocol changes, new strings - would need to be after 0.14. NOTE: This impacts both the client and the core. Mismatching client/core versions will result in different behavior for ignoring messages with formatting codes inside the ignore rule itself. Example: The following message contains color codes... I love ^3IRC! ^It is the ^7best protocol ever! (Borrowed from https://modern.ircdocs.horse/formatting.html#examples ) If someone previously created a regular expression ignore rule for... "I love ...IRC" ("." is the regular expression replacement character) ...the ignore rule will need updated to remove the "..." as the formatting codes are no longer part of the match. Instead, the Message portion of the ignore rule would become... "I love IRC"
common: Make regular expressions Unicode-aware Without the UseUnicodePropertiesOption flag, Qt's regular expressions do not include extra-ASCII codepoints when matching character classes. This results in \W (used by the highlight logic to prevent matching against substrings) matching against letters with diacritics, meaning the words 'Västra' and 'TÜV' would both count as a highlight for the nick V. Add unit tests to verify this functionality is correct in Quassel and any projects that implement ExpressionMatch. Co-authored-by: V <v@anomalous.eu>
core: Require TLS cert to be loaded if --require-ssl is used If the user specifies --require-ssl, but the core cannot load a SSL/TLS certificate for any reason, the core will throw an exception and quit. This fixes a minor security vulnerability where previously, the core would simply fall back to plaintext mode and not offer encrypted connections at all.
This commit changes the official Quassel IRC channel, (#quassel) from the Freenode IRC network to the Libera IRC network in response to recent issues which resulted in the entire volunteer staff of Freenode stepping down. For more information about this situation, please read this: https://gist.github.com/joepie91/df80d8d36cd9d1bde46ba018af497409
client: Fix an issue with redirection in MessageFilter Temporarily enabling the shadow warning unearthed an issue in 13 year old code. I'm not quite sure if this really caused problems in practice, but it clearly seems wrong to keep the invalid BufferId in the outer scope after fixing it in the inner scope, so fix it.
qa: Modernize invocation of QProcess in ExecWrapper Don't use deprecated API for QProcess in ExecWrapper for starting a script; arguments should be given as a QStringList instead of a QString. Modernize and improve the parsing of the command line by switching to QRegularExpression from QRegExp. Resolves a deprecation warning that was introduced in Qt 5.15.
qa: Resolve Qt deprecation warnings - use sslHandshakeErrors Qt 5.15 introduced a new and improved signal name for accessing SSL handshake errors, and at the same time started issuing a deprecation warning for the old one, so we need some ifdefs for clean compilation.
qa: Resolve Qt deprecation warnings - default-construct QFlags Empty QFlags should not be created by giving a nullptr to the ctor, but by simply using the default ctor instead. Resolves a deprecation warning that was introduced in Qt 5.15.
ircv3: Add support for weird tag names, per the spec IRCv3 currently does not specify (or recommend specifying) any tag names which would contain multiple slashes, but IRCv3 does recommend clients should gracefully handle any possible tag, ideally treating it as opaque string. We’d like to avoid that, but also want to ensure even after a roundtrip through our core, tags we don’t support are still in identical condition.