diff --git a/ChangeLog.md b/ChangeLog.md
index f3d01e6974..d6bf646016 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,11 @@
+# ZNC 1.9.1 (2024-07-03)
+
+* This is a security release to fix CVE-2024-39844: remote code execution vulnerability in modtcl.
+ * To mitigate this for existing installations, simply unload the modtcl module for every user, if it's loaded. Note that only users with admin rights can load modtcl at all.
+ * Thanks to Johannes Kuhn (DasBrain) for reporting, to glguy for the patch, and to multiple IRC network operators for help with mitigating this on server side before disclosure.
+* Improve tooltips in webadmin.
+
+
# ZNC 1.9.0 (2024-02-22)
## New
diff --git a/modules/data/webadmin/tmpl/add_edit_chan.tmpl b/modules/data/webadmin/tmpl/add_edit_chan.tmpl
index 1d030d0b72..4446a4ee82 100644
--- a/modules/data/webadmin/tmpl/add_edit_chan.tmpl
+++ b/modules/data/webadmin/tmpl/add_edit_chan.tmpl
@@ -27,13 +27,13 @@
diff --git a/modules/data/webadmin/tmpl/add_edit_network.tmpl b/modules/data/webadmin/tmpl/add_edit_network.tmpl
index 6d4140737a..18f1b5fb29 100644
--- a/modules/data/webadmin/tmpl/add_edit_network.tmpl
+++ b/modules/data/webadmin/tmpl/add_edit_network.tmpl
@@ -66,7 +66,7 @@
-
+
"
disabled />
diff --git a/modules/data/webadmin/tmpl/add_edit_user.tmpl b/modules/data/webadmin/tmpl/add_edit_user.tmpl
index 51e65c2785..20256bb8c0 100644
--- a/modules/data/webadmin/tmpl/add_edit_user.tmpl
+++ b/modules/data/webadmin/tmpl/add_edit_user.tmpl
@@ -45,7 +45,7 @@
title=""/>
-
+
"
checked="checked" disabled="disabled" />
@@ -87,7 +87,7 @@
disabled />
-
+
"
disabled />
@@ -249,13 +249,13 @@
-
+
"/>
@@ -269,12 +269,12 @@
-
+
"/>
@@ -304,7 +304,7 @@
@@ -341,14 +341,14 @@
title=""/>
-
+
" disabled="disabled" />
">
-
+
diff --git a/modules/data/webadmin/tmpl/settings.tmpl b/modules/data/webadmin/tmpl/settings.tmpl
index 5412ad1824..cb08d87e64 100644
--- a/modules/data/webadmin/tmpl/settings.tmpl
+++ b/modules/data/webadmin/tmpl/settings.tmpl
@@ -99,7 +99,7 @@
-
+
"/>
@@ -107,48 +107,48 @@
diff --git a/modules/data/webadmin/tmpl/traffic.tmpl b/modules/data/webadmin/tmpl/traffic.tmpl
index c4633bf5e2..a58fd2dd08 100644
--- a/modules/data/webadmin/tmpl/traffic.tmpl
+++ b/modules/data/webadmin/tmpl/traffic.tmpl
@@ -15,23 +15,23 @@
-
-
-
-
-
@@ -40,7 +40,7 @@
-
diff --git a/modules/modtcl.cpp b/modules/modtcl.cpp
index df7f92f4d5..365da2e735 100644
--- a/modules/modtcl.cpp
+++ b/modules/modtcl.cpp
@@ -248,8 +248,9 @@ class CModTcl : public CModule {
// chan specific
unsigned int nLength = vChans.size();
for (unsigned int n = 0; n < nLength; n++) {
+ CString sChannel = TclEscape(CString(vChans[n]->GetName()));
sCommand = "Binds::ProcessNick {" + sOldNick + "} {" + sHost +
- "} - {" + vChans[n]->GetName() + "} {" + sNewNickTmp +
+ "} - {" + sChannel + "} {" + sNewNickTmp +
"}";
int i = Tcl_Eval(interp, sCommand.c_str());
if (i != TCL_OK) {
@@ -260,14 +261,16 @@ class CModTcl : public CModule {
void OnKick(const CNick& OpNick, const CString& sKickedNick, CChan& Channel,
const CString& sMessage) override {
+ CString sMes = TclEscape(sMessage);
CString sOpNick = TclEscape(CString(OpNick.GetNick()));
CString sNick = TclEscape(sKickedNick);
CString sOpHost =
TclEscape(CString(OpNick.GetIdent() + "@" + OpNick.GetHost()));
+ CString sChannel = TclEscape(Channel.GetName());
CString sCommand = "Binds::ProcessKick {" + sOpNick + "} {" + sOpHost +
- "} - {" + Channel.GetName() + "} {" + sNick + "} {" +
- sMessage + "}";
+ "} - {" + sChannel + "} {" + sNick + "} {" +
+ sMes + "}";
int i = Tcl_Eval(interp, sCommand.c_str());
if (i != TCL_OK) {
PutModule(Tcl_GetStringResult(interp));
diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp
index 06bfc11cb2..b5d79bfc62 100644
--- a/modules/webadmin.cpp
+++ b/modules/webadmin.cpp
@@ -792,9 +792,9 @@ class CWebAdminMod : public CModule {
CTemplate& o2 = Tmpl.AddRow("OptionLoop");
o2["Name"] = "autoclearchanbuffer";
- o2["DisplayName"] = t_s("Auto Clear Chan Buffer");
+ o2["DisplayName"] = t_s("Auto clear chan buffer");
o2["Tooltip"] =
- t_s("Automatically Clear Channel Buffer After Playback");
+ t_s("Automatically clear channel buffer after playback");
if ((pChan && pChan->AutoClearChanBuffer()) ||
(!pChan && pUser->AutoClearChanBuffer())) {
o2["Checked"] = "true";
@@ -1621,7 +1621,7 @@ class CWebAdminMod : public CModule {
CTemplate& o1 = Tmpl.AddRow("OptionLoop");
o1["Name"] = "autoclearchanbuffer";
- o1["DisplayName"] = t_s("Auto Clear Chan Buffer");
+ o1["DisplayName"] = t_s("Auto clear chan buffer");
o1["Tooltip"] =
t_s("Automatically clear channel buffer after playback (the "
"default value for new channels)");
@@ -1686,7 +1686,7 @@ class CWebAdminMod : public CModule {
CTemplate& o13 = Tmpl.AddRow("OptionLoop");
o13["Name"] = "denysetnetwork";
- o13["DisplayName"] = t_s("Deny Editing Networks/Servers");
+ o13["DisplayName"] = t_s("Deny editing networks/servers");
o13["Tooltip"] =
t_s("Deny adding/deleting networks, setting network name and editing the server list");
if (pUser->DenySetNetwork()) {
@@ -1709,7 +1709,7 @@ class CWebAdminMod : public CModule {
CTemplate& o16 = Tmpl.AddRow("OptionLoop");
o16["Name"] = "denysetctcpreplies";
- o16["DisplayName"] = t_s("Deny Setting CTCP Replies");
+ o16["DisplayName"] = t_s("Deny setting CTCP replies");
o16["Tooltip"] =
t_s("Block customizing CTCP replies for non-admin users");
if (pUser->DenySetCTCPReplies()) {
@@ -1719,7 +1719,7 @@ class CWebAdminMod : public CModule {
CTemplate& o17 = Tmpl.AddRow("OptionLoop");
o17["Name"] = "autoclearquerybuffer";
- o17["DisplayName"] = t_s("Auto Clear Query Buffer");
+ o17["DisplayName"] = t_s("Auto clear query buffer");
o17["Tooltip"] =
t_s("Automatically clear query buffer after playback");
if (pUser->AutoClearQueryBuffer()) {