Originally Posted By: qwerty
Originally Posted By: s00p
Originally Posted By: qwerty
The code is exploitable, and not just by an evil oper but by users as well. All one needs to do is get you to join #$q (which is a valid channel name) to be able to make you quit IRC (/q is a /quit default alias, or at least something a lot of users have installed).


Not true. $q doesn't execute quit anymore.
The mirc installer used to install certain common aliases (this is what I meant by "default aliases"), like /j and /q (there used to be a line "/q /quit $1-" in Aliases). In these cases, $q would certainly execute /quit. I seem to remember these stock aliases are no longer included in a clean install but many users still have a /q alias. These details are besides the point though, which is that an attacker can do a lot of damage if they happen to have a little more information about a victim's installed aliases.

Ohh, indeed. I apologise, you are correct. I was mistakening /q for an inbuilt function.

Originally Posted By: qwerty
Originally Posted By: s00p

edit #3: In order to "refrain from any comments if you think people did stupid or non logical things", as suggested by one of the forum moderators, I won't be pointing out any vulnerable or "stupid" code in the future. I hope that makes whoever was upset by my constructive criticism happy. wink
I'm sure the moderator who told you that did not mean "do not comment when a helper gives out vulnerable code" in particular - he was probably thinking of your often incendiary and sometimes downright rude attitude, which I think distracts people from the actual constructive points made in your posts.

I understand that the last thing you guys want in your forum is someone who is constantly rude. I understand this. The reason you may describe me as "incendiary" is simple, however lengthy.

Every now and then you'll come across a message that displays a clear understanding of intent and a vague description of what went wrong with the logic. This displays how eager the person is to learn (whether it be learning to script or just learning to fix the problem). They've probably already done a fair bit of research into their problem, consulted the docs, etc. It makes helping easy, and enjoyable. Not just that, but due to the time they've taken to describe their problem and ask for help, you can assume they're a humble person. They're not likely to be bothered if you say "this code is stupid" (probably in a nicer way), and point them in the right direction because they're so eager to learn that they'll be happy when they understand why their solution doesn't work and/or how to solve their problem properly.

Then there's the people who don't know how to learn (eg. by reading documentation), the impatient people, the people who know better, and the people who just want someone else to do it. There is one lot of people who have an excuse here, and they're probably not all that intelligent because they don't know how to learn. Call the code stupid, and refer them to the help files, and even if they're spoonfed by someone else, they might just notice that "rude" message that's telling them to RTFM. wink