Security Advisories (1)

CVE-2010-3438 (2019-11-12)

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as \"some text\\rQUIT\" to the 'privmsg' handler, which would cause the client to disconnect from the server.

NAME

POE::Component::IRC::Plugin::PlugMan - a POE::Component::IRC plugin that provides plugin management services.

SYNOPSIS

   use strict;
   use warnings;
   use POE qw(Component::IRC::State);
   use POE::Component::IRC::Plugin::PlugMan;

   my $botowner = 'somebody!*@somehost.com';
   my $irc = POE::Component::IRC::State->spawn();

   POE::Session->create( 
        package_states => [ 
                'main' => [ qw(_start irc_plugin_add) ],
        ],
   );

   sub _start {
     $irc->yield( register => 'all' );
     $irc->plugin_add( 'PlugMan' => POE::Component::IRC::Plugin::PlugMan->new( botowner => $botowner ) );
     undef;
   }

   sub irc_plugin_add {
     my ( $desc, $plugin ) = @_[ARG0,ARG1];
     
     if ( $desc eq 'PlugMan' ) {
	$plugin->load( 'Connector', 'POE::Component::IRC::Plugin::Connector' );
     }
     undef;
   }

DESCRIPTION

POE::Component::IRC::Plugin::PlugMan is a POE::Component::IRC plugin management plugin. It provides support for 'on-the-fly' loading, reloading and unloading of plugin modules, via object methods that you can incorporate into your own code and a handy IRC interface.

CONSTRUCTOR

new

Takes two optional arguments:

"botowner", an IRC mask to match against for people issuing commands via the IRC interface;
"debug", set to a true value to see when stuff goes wrong;

Not setting a "botowner" effectively disables the IRC interface.

If "botowner" is specified the plugin checks that it is being loaded into a POE::Component::IRC::State or sub-class and will fail to load otherwise.

Returns a plugin object suitable for feeding to POE::Component::IRC's plugin_add() method.

METHODS

load

Loads a managed plugin.

Takes two mandatory arguments, a plugin descriptor and a plugin package name. Any other arguments are used as options to the loaded plugin constructor.

$plugin->load( 'Connector', 'POE::Component::IRC::Plugin::Connector', delay, 120 );

Returns true or false depending on whether the load was successfully or not.

You may check $@ for error messages.

unload

Unloads a managed plugin.

Takes one mandatory argument, a plugin descriptor.

$plugin->unload( 'Connector' );

Returns true or false depending on whether the unload was successfully or not.

reload

Unloads and loads a managed plugin, with applicable plugin options.

Takes one mandatory argument, a plugin descriptor.

$plugin->reload( 'Connector' );

You may check $@ for error messages.

loaded

Takes no arguments.

$plugin->loaded();

Returns a list of descriptors of managed plugins.

IRC INTERFACE

The IRC interface is enabled by specifying a "botowner" mask to new(). Commands may be either invoked via a PRIVMSG directly to your bot or in a channel by prefixing the command with the nickname of your bot. One caveat, the parsing of the irc command is very rudimentary ( it merely splits the line on \s+ ).

plugin_add: Takes the same arguments as load().
plugin_del: Takes the same arguments as unload().
plugin_reload: Takes the same arguments as reload().
plugin_loaded: Returns a list of descriptors of managed plugins.
plugin_list: Returns a list of descriptors of *all* plugins loaded into the current PoCo-IRC component.

AUTHOR

Chris 'BinGOs' Williams

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)