Browse Source

engine: client: protect messagemode from command injection too

pull/2/head
Alibek Omarov 3 years ago committed by a1batross
parent
commit
c6648a69ba
  1. 11
      engine/client/console.c

11
engine/client/console.c

@ -33,6 +33,8 @@ convar_t *con_color;
static int g_codepage = 0; static int g_codepage = 0;
static qboolean g_utf8 = false; static qboolean g_utf8 = false;
static qboolean g_messagemode_privileged = true;
#define CON_TIMES 4 // notify lines #define CON_TIMES 4 // notify lines
#define CON_MAX_TIMES 64 // notify max lines #define CON_MAX_TIMES 64 // notify max lines
#define COLOR_DEFAULT '7' #define COLOR_DEFAULT '7'
@ -242,6 +244,8 @@ Con_MessageMode_f
*/ */
void Con_MessageMode_f( void ) void Con_MessageMode_f( void )
{ {
g_messagemode_privileged = Cmd_CurrentCommandIsPrivileged();
if( Cmd_Argc() == 2 ) if( Cmd_Argc() == 2 )
Q_strncpy( con.chat_cmd, Cmd_Argv( 1 ), sizeof( con.chat_cmd )); Q_strncpy( con.chat_cmd, Cmd_Argv( 1 ), sizeof( con.chat_cmd ));
else Q_strncpy( con.chat_cmd, "say", sizeof( con.chat_cmd )); else Q_strncpy( con.chat_cmd, "say", sizeof( con.chat_cmd ));
@ -256,6 +260,8 @@ Con_MessageMode2_f
*/ */
void Con_MessageMode2_f( void ) void Con_MessageMode2_f( void )
{ {
g_messagemode_privileged = Cmd_CurrentCommandIsPrivileged();
Q_strncpy( con.chat_cmd, "say_team", sizeof( con.chat_cmd )); Q_strncpy( con.chat_cmd, "say_team", sizeof( con.chat_cmd ));
Key_SetKeyDest( key_message ); Key_SetKeyDest( key_message );
} }
@ -1865,7 +1871,10 @@ void Key_Message( int key )
if( con.chat.buffer[0] && cls.state == ca_active ) if( con.chat.buffer[0] && cls.state == ca_active )
{ {
Q_snprintf( buffer, sizeof( buffer ), "%s \"%s\"\n", con.chat_cmd, con.chat.buffer ); Q_snprintf( buffer, sizeof( buffer ), "%s \"%s\"\n", con.chat_cmd, con.chat.buffer );
Cbuf_AddText( buffer );
if( g_messagemode_privileged )
Cbuf_AddText( buffer );
else Cbuf_AddFilteredText( buffer );
} }
Key_SetKeyDest( key_game ); Key_SetKeyDest( key_game );

Loading…
Cancel
Save