[nexuiz-commits] r8390 - in trunk/data: particles qcsrc/common

DONOTREPLY at icculus.org DONOTREPLY at icculus.org
Sun Dec 13 14:28:12 EST 2009


Author: div0
Date: 2009-12-13 14:28:12 -0500 (Sun, 13 Dec 2009)
New Revision: 8390

Modified:
   trunk/data/particles/particlefont-template.png
   trunk/data/qcsrc/common/mapinfo.qc
Log:
fix settemp security hole :P


Modified: trunk/data/particles/particlefont-template.png
===================================================================
(Binary files differ)

Modified: trunk/data/qcsrc/common/mapinfo.qc
===================================================================
--- trunk/data/qcsrc/common/mapinfo.qc	2009-12-13 17:10:57 UTC (rev 8389)
+++ trunk/data/qcsrc/common/mapinfo.qc	2009-12-13 19:28:12 UTC (rev 8390)
@@ -540,7 +540,7 @@
 	else                    return 0;
 }
 
-void _MapInfo_Parse_Settemp(string pFilename, string acl, string s, float recurse)
+void _MapInfo_Parse_Settemp(string pFilename, string acl, float type, string s, float recurse)
 {
 	string t;
 	float fh, o;
@@ -602,7 +602,7 @@
 					if(substring(s, 0, 5) == "seta ")
 						s = substring(s, 5, -1);
 
-					_MapInfo_Parse_Settemp(pFilename, acl, s, recurse - 1);
+					_MapInfo_Parse_Settemp(pFilename, acl, type, s, recurse - 1);
 				}
 				fclose(fh);
 			}
@@ -616,15 +616,31 @@
 		print("Map ", pFilename, " contains a potentially harmful setting, ignored\n");
 	else if(substring(t, 0, 10) == "g_mapinfo_")
 		print("Map ", pFilename, " contains a potentially harmful setting, ignored\n");
+	else if(substring(t, 0, 5) == "rcon_")
+		print("Map ", pFilename, " contains a potentially harmful setting, ignored\n");
+	else if(substring(t, 0, 8) == "settemp_")
+		print("Map ", pFilename, " contains a potentially harmful setting, ignored\n");
+	else if(substring(t, 0, 1) == "_")
+		print("Map ", pFilename, " contains a potentially harmful setting, ignored\n");
 	else if(matchacl(acl, t) <= 0)
 		print("Map ", pFilename, " contains a denied setting, ignored\n");
 	else
 	{
-		dprint("Applying temporary setting ", t, " := ", s, "\n");
-		if(cvar("g_campaign"))
-			cvar_set(t, s); // this is a wrapper and is always temporary anyway; no need to backup old values then
+		if(type == 0) // server set
+		{
+			dprint("Applying temporary setting ", t, " := ", s, "\n");
+			if(cvar("g_campaign"))
+				cvar_set(t, s); // this is a wrapper and is always temporary anyway; no need to backup old values then
+			else
+				cvar_settemp(t, s);
+		}
 		else
-			cvar_settemp(t, s);
+		{
+			dprint("Applying temporary client setting ", t, " := ", s, "\n");
+			MapInfo_Map_clientstuff = strcat(
+					MapInfo_Map_clientstuff, "cl_cmd settemp \"", t, "\" \"", s, "\"\n"
+					);
+		}
 	}
 }
 
@@ -822,7 +838,7 @@
 			{
 				if(f & pGametypeToSet)
 				{
-					_MapInfo_Parse_Settemp(pFilename, acl, s, 1);
+					_MapInfo_Parse_Settemp(pFilename, acl, 0, s, 1);
 				}
 			}
 			else
@@ -837,18 +853,7 @@
 			{
 				if(f & pGametypeToSet)
 				{
-					t = car(s); s = cdr(s);
-					if not(cvar_value_issafe(t))
-						print("Map ", pFilename, " contains a potentially harmful client setting, ignored\n");
-					else if not (cvar_value_issafe(s))
-						print("Map ", pFilename, " contains a potentially harmful client setting, ignored\n");
-					else
-					{
-						dprint("Applying temporary client setting ", t, " := ", s, "\n");
-						MapInfo_Map_clientstuff = strcat(
-							MapInfo_Map_clientstuff, "cl_cmd settemp \"", t, "\" \"", s, "\"\n"
-						);
-					}
+					_MapInfo_Parse_Settemp(pFilename, acl, 1, s, 1);
 				}
 			}
 			else



More information about the nexuiz-commits mailing list