Skip to content

v4.0.5
Compare
Choose a tag to compare
@JiPaix JiPaix released this 22 Aug 17:12
v4.0.5
753dc79

Security improvement

add a secure option

This options is optional AND enabled by default :
It denies files sent by bot with different name than the one requested.

How to use :

In command-line with --no-secure option :

xdccJS --host irc.server.net --no-secure --download 1 --bot "SWEET|BOT"

Using the library :

let opts = {
  host: 'irc.server.net',
  secure: false
}

const xdccJS = new XDCC(opts)

Explanation :
Some IRC channels send files through different bot from the one you do the request,

  1. You query "SOURCE-BOT" for a file : /MSG SOURCE-BOT xdcc send 23
  2. then "REPLICA-BOT" answer your request and sends you a file.

In this case you would need secure to be false, but there's a risk :

  1. You query "SOURCE-BOT" for file : /MSG SOURCE-BOT xdcc send 23
  2. Someone other than "REPLICA-BOT" sends you a file
Assets 5
Loading