r3311 - trunk/data/qcsrc/server
DONOTREPLY at icculus.org
DONOTREPLY at icculus.org
Wed Jan 30 06:52:43 EST 2008
Author: div0
Date: 2008-01-30 06:52:43 -0500 (Wed, 30 Jan 2008)
New Revision: 3311
Modified:
trunk/data/qcsrc/server/clientcommands.qc
Log:
possibly this does nothing, possibly this fixes a security hole in voting
Modified: trunk/data/qcsrc/server/clientcommands.qc
===================================================================
--- trunk/data/qcsrc/server/clientcommands.qc 2008-01-30 11:49:53 UTC (rev 3310)
+++ trunk/data/qcsrc/server/clientcommands.qc 2008-01-30 11:52:43 UTC (rev 3311)
@@ -130,6 +130,17 @@
strunzone(msgstr);
}
+float VoteCheckNasty(string cmd)
+{
+ if(strstrofs(cmd, ";", 0) >= 0)
+ return FALSE;
+ if(strstrofs(cmd, "\n", 0) >= 0)
+ return FALSE;
+ if(strstrofs(cmd, "\r", 0) >= 0)
+ return FALSE;
+ return TRUE;
+}
+
string GetKickVoteVictim_newcommand;
entity GetKickVoteVictim(string vote, string cmd)
{
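Review bot: VoteCheckNasty returns FALSE when it finds `;`, `\n` or `\r` and TRUE for a clean string, but both call sites in the two later hunks (`else if(VoteCheckNasty(vote))` and `else if(VoteCheckNasty(dovote))`) treat TRUE as the rejection case, so as written a clean command gets "Syntax error in command." and one containing a separator falls through to `VoteAllowed`. Swap the return values so that each of the three `strstrofs` matches does `return TRUE;` and the fall-through does `return FALSE;`, which also matches the function's name. A one-line comment above it such as `// returns TRUE if cmd contains ';' or a line break` would pin the contract. Separately, the list only covers command chaining; whether other console metacharacters (for example `$` expansion or quotes) need rejecting depends on how the vote string is later executed, which this hunk does not show.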
@@ -216,6 +227,8 @@
sprint(self, "^1Your vote is empty. See help for more info.\n");
} else if(time < self.vote_next) {
sprint(self, strcat("^1You have to wait ^2", ftos(self.vote_next - time), "^1 seconds before you can again call a vote.\n"));
+ } else if(VoteCheckNasty(vote)) {
+ sprint(self, "Syntax error in command.\n");
} else if(VoteAllowed(strcat1(argv(2)))) { // strcat seems to be necessary
// remap chmap to gotomap (forces intermission)
if(vote == "chmap" || vote == "gotomap") // won't work without arguments
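Review bot: The new rejection message is the only one in this chain without the `^1` colour prefix, and it does not tell the player what was refused. Something like `sprint(self, "^1Your vote contains ';' or a line break, which is not allowed.\n");` would match the neighbouring messages. The same applies to the identical line added in the next hunk. The enclosing function starts and ends outside both hunks, so how `vote` relates to the `argv(2)` value passed to `VoteAllowed` cannot be checked from here.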
@@ -306,6 +319,8 @@
dovote = VoteParse();
if(dovote == "") {
sprint(self, "^1Your command was empty. See help for more info.\n");
+ } else if(VoteCheckNasty(dovote)) {
+ sprint(self, "Syntax error in command.\n");
} else if(VoteAllowed(strcat1(argv(2)))) { // strcat seems to be necessary
if(dovote == "chmap" || dovote == "gotomap") // won't work without arguments
return;