Hard-linked some files in scrhelp.

added a few more filters to the babel gag

Chris

This should make installation easier and preserve symlinks in these
directories.

Removed some thread-related variables from Makefile

with new protection code).

Reversed some of cmc's changes to the censor gag (it was too sensitive
& picked up things like 'parsec', 'assimilate', 'wristwatch').

(^A) from the end of a buffer.  These can get into messages sent to pipes
either by sending an IPC string ending with ^A, or snprintf() truncating
a string that has been lengthened by quotetext().

Added a dedicated pid buffer in handle_mesg().  This allows pid fetches
to be split across read() calls.  Before, it was possible to break the
pid fetch by sending messages in quick succession so that a read() would
return the end of one message but only 1-2 bytes of the next message's
pid.

Both of these bugs could be exploited to get su status by someone running a mw
process with one of a certain set of pids (see the script below for details)

# send arbitary command to someone's pipe
# example: ,hack finnw 2 +s (gives finnw +s status)
function hack
    LOCAL command filler
    MAKESTR filler 1024 |
    SENDIPC $1 $filler
    TOASCII command $2
    SENDIPC $1 "x|${command}xxxx$3"
endfunc

# broadcast arbitrary command
# e.g. ,hackb 15 "" (blanks everyone's password)
function hackb
    LOCAL command filler
    MAKESTR filler 1024 |
    SENDIPB $filler
    TOASCII command $1
    SENDIPB "x|${command}xxxx$2"
endfunc

# You need a pid of 0x..7c, eg 8316=0x207c
# A variation should work for pids of 0x7c.. (except 0x7c01, 0x7c7c):
#     SENDIPC $1 "xxx${command}xxxx$3"

etc, are now stripped of control chars just like commands typed at the
console, so scripts can no longer be used to insert odd chars like ^@
in messages.  IPC is not affected.

The 'type' argument to !search can now be tab-completed.

Added 'protlevel' option to !search

Updated help pages for !search, .protect and chatmodes

!user view and !status now show permanent protect flags

This fixes a security hole similar to the one with !force, but it needs
less privs to exploit.  This script would have given su to anyone with the
advanced script priv (after zodding themselves):
  WHOAMI USER
  TOASCII FORCE_STATUS 2
  EXEC "zod $USER fish|${FORCE_STATUS}xxxx+s"

PS: This one wasnt my fault :-)

require any privs at all.
Looks like this was my fault - it must have been when I added the non-
forceable command flag.  (doh!)

Corrected some typos in comments in expand.c

Removed some logging code in main.c (which logged every command typed in
a devel version.  Probably not necessary anymore).

Superusers can now run development versions (they don't need the D
special flag anymore).

over the original string).  This should reduce the risk of buffer
overruns.

The text of a !force'd command is now quoted like chat text.  Previously
you could give someone su status with a script like:
  TOASCII CHAR 2
  BOARDEXEC "force $USER fish|${CHAR}xxxx+s"
Of course only su's could use BOARDEXEC, but someone running an old
version could be forced to load and run the script.

Improvements to permanent protection:

Usage messages are shown if you give the wrong number of arguments to
.protect

You can no longer remove someone's level 1 permanent protection if you
only have the 'P' chatpriv but zero protpower.

You now see the message "you have just been given temporary protection"
if someone does .protect <yourname> and you have protpower > 0.

MUDEXEC now works

Fry

Updated 'force' catching so if you have the advanced script priv it allows
people to catch forces in scripts, but only if you have SU can you block
forces.

For some *bizarre* reason someone (finnw according to the cvs history log)
had changed it so that any old person could happily block forces by making a
script of:

function forced
endfunc

way to go finnw..

---

Also added 'mudexec' to allow execution of mud commands from scripts. Err..
it doesnt do much atm, but am working on it ;)

Fry

[slaps cmc around a bit]
I've now added the comma's seperating the bork fields so it compiles :)

Chris

Added several more babelfish filters

Chris

Several fixes - none all that important.

The only _slightly_ major one is the addition of '[help' so that the error
message "invalid command 'help'. See '[help' for a list of commands" wont
appear any more :)

Fry

New rooms and fixed rooms

Fry

Fixed the 'censor' gag filter (again)

Moved all the 'sport' related censor gags to a new filter (gag user nosport)

Fixed finnws silly (but understandable) '!usr passwd' bug that made any word
beginning with 'p' run '!user protection' instead.

Fry

Added to censor gag again, this time adding a few sports related filters.

Added another couple of filters to the censor gag.

Chris

Made a few minor changes to the censor gag.

I have added quite a few more translations to the babel fish gag

Chris

Happy new year everyone.

I fixed that command-line bug in mw, where you could do '.    raw Hello'. It
now acts properly rather than add the command name to the front again.

Oh, i'm back off to Leamington now, so I wont see you lot!

PS: Get a web-mw talker up and running ASAP Please!!! :)

Fry

Added the 'auto-catchup-all-but-the-last-few-messages' feature for new
users.

Basically, users get any messages in a folder less than a week old, up to a
max of 10 messages. Atm, leaves around 20 of them, and 10 of them are in
'suggest' I think.

Seems quite a reasonable load to me - not daunting, yet gives quite a good
background in messages.

Fry

Ooops. slight mistake. Will work now, rather than segv'ing :)

Fry

ZOD's are now room specific (although 'leaving talker' message still
appears).

Fry

Added back in the 'Data Protection Act' message when a new user joins. I
dont know why this was removed (been gone for a while), but it is useful,
and also tells people how to *CANCEL* their loggin, which is a useful bit of
knowledge no-one seems to know unless told.

Oh, 'initfunc's now auto-load when a '.load <file>' is done. There is now a
new flag for each function called 'new' which is set on load, and unset when
checked for initialisation. That way, only newly read functions are
re-inited, to stop variables being reset (which is annoying).

Fry

Fixed a couple of mistakes in bork.h, and initialised 'colr' to NULL in
display_message so it doesnt give that annoying error on compile.

Fry

PS: you lot havent made many changes have you? :)
PPS: Finnw, interesting 'protect' stuff - i'll be interested to see how that
     develops.
PPPS: i'm have a list of many many many other things to fix in mw which dont
      seem to have got done while i was away, so expect a couple (not many)
      more updates :)

More babel fish gags added

Chris

Added more filters to the bork.h file

Corrected a couple of spelling errors in babel gag and added a couple of
different tenses for existing changes (eg. post -> stamp now also gives
posted -> stamped).

Chris

Added "permanent protect" function.  Help page coming soon.
Main commands:
!user protection <user>  - to give someone the priv, eg "/4" means they
can give permanent protection up to level 4.  They will need the 'P'
chatpriv as well for it to work.

.protect <user> <0-4>  - to protect someone
This is not an extension of the 'p' flag - it is a new one which has
a similar effect.  Unlike the 'p' chatmode it is sticky.

The who list format is changed slightly for people with the priv.
Users without it shouldn't notice any difference.

This feature is intended for keeping users gagged/frozen if necessary
(eg if they are being abusive), without having to remove their privs.

Fixed some syntax errors

added babel and annoy gag filters.

Chris

Resolved some conflicts in bork.h

NB - cmckenna:  If you get lines with "<<<<<" or ">>>>>" in a file
when you do a cvs update, it means there was a conflict (someone else
changed the lines since you did the checkout).  You have to manually
merge the two sections.  It's fairly easy with initialiser lists like
this one.

Removed some more unused thread code.

The 'D' special flag check (on devel versions) is now bypassed if
getuid() == geteuid().

!resubscribe and !unsubscribe can be forced once again.

Fixed a buffer overrun in display_message().  It was only making sure
there was room for the next character.  Long colour codes could overrun
the end of the buffer.  Unused colour codes (ie with another colour
code following but no printables in between) are now overwritten in the
output buffer.

Removed log.bb and who.bb.  They keep causing conflicts & there is no
advantage in keeping copies in the repository (unlike folders).

Added the (D)eveloper special flag.  This is now required to run
development versions of mw.

Added the (Q)uiet special flag, which allows non-superusers to log in
quietly.  This is intended for test users, so that they don't need su.

Updated wizhelp/special with the new flags (and 'U' which was missing).