notifico
Plain text hooks can be used to send CTCPs
Using a URL such as the one below, one can send CTCP requests to channels.
http://n.tkte.ch/h/ID/TOKEN/?payload=%01VERSION%01
This shouldn't be allowed, as it can also be used to send DCC router exploits. The most trivial solution would be to strip out \x01.
On another thought, preserving support for CTCP ACTION (/me) would be nice. So the trivial solution isn't that good maybe.
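One way to reconcile the two points above, as an added example that is not notifico's own code: drop every \x01 unless the whole message is a single well-formed CTCP ACTION. The function names are hypothetical, and the sketch assumes each line of the payload is relayed as one IRC message.

```python
import re
from urllib.parse import parse_qs, urlsplit

CTCP_DELIM = "\x01"

# A message is accepted as CTCP only if it is exactly one ACTION:
# \x01ACTION <text>\x01, with no further delimiter inside <text>.
# The closing delimiter is optional on input and always re-added.
_ACTION_RE = re.compile(r"\x01ACTION ([^\x01]*)\x01?")


def sanitize_line(line):
    """Neutralise CTCP in one message, keeping only /me (ACTION)."""
    match = _ACTION_RE.fullmatch(line)
    if match:
        return f"{CTCP_DELIM}ACTION {match.group(1)}{CTCP_DELIM}"
    # VERSION, DCC, nested or trailing CTCP: remove the delimiters so
    # the text is delivered as an ordinary message, not a request.
    return line.replace(CTCP_DELIM, "")


def sanitize_payload(payload):
    """Split a hook payload into messages and sanitise each one.

    Assumption: every line is sent as its own message, so the ACTION
    check has to be applied per line and not to the payload as a whole.
    """
    cleaned = (sanitize_line(line) for line in payload.splitlines())
    return [line for line in cleaned if line]


def payload_from_url(url):
    """Extract the percent-decoded ?payload= value from a hook URL."""
    values = parse_qs(urlsplit(url).query).get("payload", [""])
    return values[0]


if __name__ == "__main__":
    # Constructed inputs; the first is the URL from the report above.
    samples = [
        payload_from_url("http://n.tkte.ch/h/ID/TOKEN/?payload=%01VERSION%01"),
        "\x01ACTION waves\x01",
        "\x01ACTION waves\x01\x01VERSION\x01",
    ]
    for sample in samples:
        print(repr(sample), "->", sanitize_payload(sample))
```
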