1. Forum
  2. DOVE-Net
  3. Synchronet Sysops

  • Don't save unfinished message sent by guest

    From Nigel Reed@VERT to GitLab issue in main/sbbs on Mon Feb 6 18:38:37 2023
    open https://gitlab.synchro.net/main/sbbs/-/issues/508

    When using Nightfox's login matrix I went to send an email to sysop and found that an email by a previous guest was still hanging around. This could be abused by two users wishing to exchange messages by way of logging in, leaving a message and then dropping the call and another one dialing in to pick it up.

    Also, since guest is user 0000 then if it's using 0000.draft.mail.msg then two guests could possibly be creating the same draft message.

    I propose that guest messages are checked and deleted before a new message is sent and that appending the node number to the filename will stop guests stomping on each others messages.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Eric Oulashin@VERT to GitLab note in main/sbbs on Mon Feb 6 19:56:09 2023
    https://gitlab.synchro.net/main/sbbs/-/issues/508#note_3172

    I don't think this is specific to my login matrix. From what I remember, this is a standard feature of Synchronet allowing a user to resume editing a message in case that user had been disconnected.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Nigel Reed@VERT to GitLab note in main/sbbs on Mon Feb 6 21:28:16 2023
    https://gitlab.synchro.net/main/sbbs/-/issues/508#note_3173

    Resume editing a post is fine, but not as a guest user, for reasons detailed above and more. Especially if user is inputting personal information for password recovery purposes. A guest should never be able to recover another guests posts.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to GitLab note in main/sbbs on Tue Feb 7 12:00:09 2023
    https://gitlab.synchro.net/main/sbbs/-/issues/508#note_3175

    User #0 is not guest (it's "no one"). This is still an issue, but not related to draft messages from guest accounts, which I believe are already auto-ignored/purged/not-saved, but I'll confirm that too.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Nigel Reed@VERT to GitLab note in main/sbbs on Tue Feb 7 12:05:28 2023
    https://gitlab.synchro.net/main/sbbs/-/issues/508#note_3176

    Yes, you're right, my bad on the user 0. I guess before someone logs into the login matrix they are "no one" so any email to sysop is going to be written to the user 0 temp file.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to GitLab issue in main/sbbs on Tue Feb 7 18:11:56 2023
    close https://gitlab.synchro.net/main/sbbs/-/issues/508

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net