From 9c3cd12202f93af682e3d7fd7b8141c2421ce1a0 Mon Sep 17 00:00:00 2001
From: MangosArentLiterature
 <58055358+MangosArentLiterature@users.noreply.github.com>
Date: Mon, 19 Apr 2021 19:44:46 -0500
Subject: [PATCH 1/9] Add a size limit to packets and a configurable maximum
 character limit for messages

- Limits packets to under 16KB
- Adds a configurable option to config.ini for setting the maximum amount of characters in an IC/OOC message
- Limits the size of OOC names to 30 chars
   - The client already limits this, but this is an added precaution.
- Limits the length of shownames to 30 chars
- Implements shownames_allowed for areas, for toggling whether shownames are allowed for messages in that area
---
 bin/config_sample/config.ini |  1 +
 include/server.h             |  5 +++++
 src/aoclient.cpp             |  4 ++++
 src/area_data.cpp            |  1 +
 src/packets.cpp              | 20 ++++++++++++++++++--
 src/server.cpp               |  4 ++++
 6 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/bin/config_sample/config.ini b/bin/config_sample/config.ini
index bd43618..a91a476 100644
--- a/bin/config_sample/config.ini
+++ b/bin/config_sample/config.ini
@@ -18,6 +18,7 @@ logbuffer=500
 logging=modcall
 maximum_statements=10
 multiclient_limit=15
+maximum_characters=256
 
 [Dice]
 max_value=100
diff --git a/include/server.h b/include/server.h
index f96fd79..230ffaf 100644
--- a/include/server.h
+++ b/include/server.h
@@ -286,6 +286,11 @@ class Server : public QObject {
      */
     int multiclient_limit;
 
+    /**
+     * @brief Integer representing the maximum amount of characters an IC or OOC message can contain.
+     */
+    int max_chars;
+
   public slots:
     /**
      * @brief Handles a new connection.
diff --git a/src/aoclient.cpp b/src/aoclient.cpp
index 5ccfdf6..459bff5 100644
--- a/src/aoclient.cpp
+++ b/src/aoclient.cpp
@@ -73,6 +73,10 @@ void AOClient::handlePacket(AOPacket packet)
     AreaData* area = server->areas[current_area];
     PacketInfo info = packets.value(packet.header, {false, 0, &AOClient::pktDefault});
 
+    if (packet.contents.join("").size() > 16384) {
+        return;
+    }
+
     if (!checkAuth(info.acl_mask)) {
         return;
     }
diff --git a/src/area_data.cpp b/src/area_data.cpp
index 8289dc3..1e5f224 100644
--- a/src/area_data.cpp
+++ b/src/area_data.cpp
@@ -41,6 +41,7 @@ AreaData::AreaData(QString p_name, int p_index) :
     blankposting_allowed = areas_ini.value("blankposting_allowed","true").toBool();
     force_immediate = areas_ini.value("force_immediate", "false").toBool();
     toggle_music = areas_ini.value("toggle_music", "true").toBool();
+    showname_allowed = areas_ini.value("shownames_allowed", "true").toBool();
     areas_ini.endGroup();
     QSettings config_ini("config/config.ini", QSettings::IniFormat);
     config_ini.beginGroup("Options");
diff --git a/src/packets.cpp b/src/packets.cpp
index 98e25af..9c9459c 100644
--- a/src/packets.cpp
+++ b/src/packets.cpp
@@ -180,9 +180,14 @@ void AOClient::pktOocChat(AreaData* area, int argc, QStringList argv, AOPacket p
     ooc_name = dezalgo(argv[0]).replace(QRegExp("\\[|\\]|\\{|\\}|\\#|\\$|\\%|\\&"), ""); // no fucky wucky shit here
     if (ooc_name.isEmpty() || ooc_name == server->server_name) // impersonation & empty name protection
         return;
+
+    if (ooc_name.length() > 30) {
+        sendServerMessage("Your name is too long! Please limit it to under 30 characters.");
+        return;
+    }
     
     QString message = dezalgo(argv[1]);
-    if (message.length() == 0)
+    if (message.length() == 0 || message.length() > server->max_chars)
         return;
     AOPacket final_packet("CT", {ooc_name, message, "0"});
     if(message.at(0) == '/') {
@@ -456,7 +461,6 @@ AOPacket AOClient::validateIcPacket(AOPacket packet)
     // and outgoing packets are different. Just RTFM.
 
     AOPacket invalid("INVALID", {});
-
     QStringList args;
     if (current_char == "" || !joined)
         // Spectators cannot use IC
@@ -501,6 +505,9 @@ AOPacket AOClient::validateIcPacket(AOPacket packet)
     args.append(emote);
 
     // message text
+    if (incoming_args[4].toString().size() > server->max_chars)
+        return invalid;
+
     QString incoming_msg = dezalgo(incoming_args[4].toString().trimmed());
     if (!area->last_ic_message.isEmpty()
             && incoming_msg == area->last_ic_message[4]
@@ -607,6 +614,15 @@ AOPacket AOClient::validateIcPacket(AOPacket packet)
     if (incoming_args.length() > 15) {
         // showname
         QString incoming_showname = dezalgo(incoming_args[15].toString().trimmed());
+        if (!(incoming_showname == current_char || incoming_showname.isEmpty()) && !area->showname_allowed) {
+            sendServerMessage("Shownames are not allowed in this area!");
+            return invalid;
+        }
+        if (incoming_showname.length() > 30) {
+            sendServerMessage("Your showname is too long! Please limit it to under 30 characters");
+            return invalid;
+        }
+
         // if the raw input is not empty but the trimmed input is, use a single space
         if (incoming_showname.isEmpty() && !incoming_args[15].toString().isEmpty())
             incoming_showname = " ";
diff --git a/src/server.cpp b/src/server.cpp
index 30dea51..727a71b 100644
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -283,6 +283,10 @@ void Server::loadServerConfig()
     multiclient_limit = config.value("multiclient_limit", "15").toInt(&multiclient_limit_conversion_success);
     if (!multiclient_limit_conversion_success)
         multiclient_limit = 15;
+    bool max_char_conversion_success;
+    max_chars = config.value("maximum_characters", "256").toInt(&max_char_conversion_success);
+    if (!max_char_conversion_success)
+        max_chars = 256;
     config.endGroup();
 
     //Load dice values

From 2f69b512800a08bc2443452060a193b532709c3f Mon Sep 17 00:00:00 2001
From: MangosArentLiterature
 <58055358+MangosArentLiterature@users.noreply.github.com>
Date: Tue, 20 Apr 2021 11:51:22 -0500
Subject: [PATCH 2/9] Limit the amount of data the server will read

Set a hard limit on 30KB that the server is willing to read, over two sequential reads. If the client sends more than 30KB combined, the server will disconnect the client.
---
 include/aoclient.h | 5 +++++
 src/aoclient.cpp   | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/include/aoclient.h b/include/aoclient.h
index 71ddf6f..1c2f799 100644
--- a/include/aoclient.h
+++ b/include/aoclient.h
@@ -2049,6 +2049,11 @@ class AOClient : public QObject {
      * @param incoming_message QString to be decoded.
      */
     QString decodeMessage(QString incoming_message);
+
+    /**
+     * @brief The size, in bytes, of the last data the client sent to the server.
+     */
+    int last_read;
 };
 
 #endif // AOCLIENT_H
diff --git a/src/aoclient.cpp b/src/aoclient.cpp
index 459bff5..1fc9c92 100644
--- a/src/aoclient.cpp
+++ b/src/aoclient.cpp
@@ -19,7 +19,12 @@
 
 void AOClient::clientData()
 {
+    if (last_read + socket->bytesAvailable() > 30720) { // Client can send a max of 30KB to the server over two sequential reads
+        socket->close();
+    }
+
     QString data = QString::fromUtf8(socket->readAll());
+    last_read = data.size();
 
     if (is_partial) {
         data = partial_packet + data;

From 5e053265371d15f3c806bafe85791a60c2a28296 Mon Sep 17 00:00:00 2001
From: Salanto <support@salanto.de>
Date: Tue, 20 Apr 2021 23:09:16 +0200
Subject: [PATCH 3/9] Fix Server Crash when deleting statements during
 recording

---
 src/commands/casing.cpp    | 2 +-
 src/packets.cpp            | 2 +-
 src/testimony_recorder.cpp | 7 ++++---
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/commands/casing.cpp b/src/commands/casing.cpp
index f7050ea..a83cb94 100644
--- a/src/commands/casing.cpp
+++ b/src/commands/casing.cpp
@@ -107,7 +107,6 @@ void AOClient::cmdTestify(int argc, QStringList argv)
     }
     else {
         clearTestimony();
-        area->statement = 0;
         area->test_rec = AreaData::TestimonyRecording::RECORDING;
         sendServerMessage("Started testimony recording.");
     }
@@ -157,6 +156,7 @@ void AOClient::cmdDeleteStatement(int argc, QStringList argv)
     }
     if (c_statement > 0 && area->testimony.size() > 2) {
         area->testimony.remove(c_statement);
+        area->statement = c_statement - 1;
         sendServerMessage("The statement with id " + QString::number(c_statement) + " has been deleted from the testimony.");
     }
 }
diff --git a/src/packets.cpp b/src/packets.cpp
index 98e25af..c054609 100644
--- a/src/packets.cpp
+++ b/src/packets.cpp
@@ -718,7 +718,7 @@ AOPacket AOClient::validateIcPacket(AOPacket packet)
         if (args[5] != "wit")
             return AOPacket("MS", args);
 
-        if (area->statement == 0) {
+        if (area->statement == -1) {
             args[4] = "~~\\n-- " + args[4] + " --";
             args[14] = "3";
             server->broadcast(AOPacket("RT",{"testimony1"}), current_area);
diff --git a/src/testimony_recorder.cpp b/src/testimony_recorder.cpp
index 01178b5..312ebf9 100644
--- a/src/testimony_recorder.cpp
+++ b/src/testimony_recorder.cpp
@@ -23,15 +23,15 @@ void AOClient::addStatement(QStringList packet)
 {
     AreaData* area = server->areas[current_area];
     int c_statement = area->statement;
-    if (c_statement >= 0) {
+    if (c_statement >= -1) {
         if (area->test_rec == AreaData::TestimonyRecording::RECORDING) {
             if (c_statement <= server->maximum_statements) {
-                if (c_statement == 0)
+                if (c_statement == -1)
                     packet[14] = "3";
                 else
                     packet[14] = "1";
-                area->testimony.append(packet);
                 area->statement = c_statement + 1;
+                area->testimony.append(packet);
                 return;
             }
             else {
@@ -70,6 +70,7 @@ void AOClient::clearTestimony()
 {
     AreaData* area = server->areas[current_area];
     area->test_rec = AreaData::TestimonyRecording::STOPPED;
+    area->statement = -1;
     area->testimony.clear(); //!< Empty out the QVector
     area->testimony.squeeze(); //!< Release memory. Good idea? God knows, I do not.
 }

From e56fc07713821f2f4d281827442a7d86b1aa78c8 Mon Sep 17 00:00:00 2001
From: MangosArentLiterature
 <58055358+MangosArentLiterature@users.noreply.github.com>
Date: Tue, 20 Apr 2021 19:34:22 -0500
Subject: [PATCH 4/9] Revert "Merge branch 'master' into master"

This reverts commit 1b7c53bc012b5fc73b2b2938b0e75d3f5b9f6596, reversing
changes made to f6a52f73784115619210d917622bac70fe08ac0e.
---
 src/packets.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/packets.cpp b/src/packets.cpp
index 498ed9f..98e25af 100644
--- a/src/packets.cpp
+++ b/src/packets.cpp
@@ -322,6 +322,7 @@ void AOClient::pktModCall(AreaData* area, int argc, QStringList argv, AOPacket p
             client->sendPacket(packet);
     }
     area->logger->logModcall(this, &packet);
+    area->logger->flush();
 }
 
 void AOClient::pktAddEvidence(AreaData* area, int argc, QStringList argv, AOPacket packet)

From 87fe5c214dbca69e6d67e5b701277555e995a62a Mon Sep 17 00:00:00 2001
From: in1tiate <radwoodward@vikings.grayson.edu>
Date: Thu, 22 Apr 2021 20:02:18 -0500
Subject: [PATCH 5/9] Update all QSettings instances to use UTF-8

---
 src/area_data.cpp      | 2 ++
 src/config_manager.cpp | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/src/area_data.cpp b/src/area_data.cpp
index 1e5f224..dfedd32 100644
--- a/src/area_data.cpp
+++ b/src/area_data.cpp
@@ -32,6 +32,7 @@ AreaData::AreaData(QString p_name, int p_index) :
     name_split.removeFirst();
     name = name_split.join(":");
     QSettings areas_ini("config/areas.ini", QSettings::IniFormat);
+    areas_ini.setIniCodec("UTF-8");
     areas_ini.beginGroup(p_name);
     background = areas_ini.value("background", "gs4").toString();
     is_protected = areas_ini.value("protected_area", "false").toBool();
@@ -44,6 +45,7 @@ AreaData::AreaData(QString p_name, int p_index) :
     showname_allowed = areas_ini.value("shownames_allowed", "true").toBool();
     areas_ini.endGroup();
     QSettings config_ini("config/config.ini", QSettings::IniFormat);
+    config_ini.setIniCodec("UTF-8");
     config_ini.beginGroup("Options");
     int log_size = config_ini.value("logbuffer", 50).toInt();
     log_type = config_ini.value("logger","modcall").toString();
diff --git a/src/config_manager.cpp b/src/config_manager.cpp
index 048bd4d..2fb2186 100644
--- a/src/config_manager.cpp
+++ b/src/config_manager.cpp
@@ -21,6 +21,7 @@
 bool ConfigManager::initConfig()
 {
     QSettings config("config/config.ini", QSettings::IniFormat);
+    config.setIniCodec("UTF-8");
     QFileInfo config_dir_info("config/");
     if (!config_dir_info.exists() || !config_dir_info.isDir()) {
         qCritical() << "Config directory doesn't exist!";
@@ -39,6 +40,7 @@ bool ConfigManager::initConfig()
     }
     else {
         QSettings areas_ini("config/areas.ini", QSettings::IniFormat);
+        areas_ini.setIniCodec("UTF-8");
         if (areas_ini.childGroups().length() < 1) {
             qCritical() << "areas.ini is invalid!";
             return false;
@@ -105,6 +107,7 @@ bool ConfigManager::initConfig()
 bool ConfigManager::updateConfig(int current_version)
 {
     QSettings config("config/config.ini", QSettings::IniFormat);
+    config.setIniCodec("UTF-8");
     if (current_version > CONFIG_VERSION) {
         // Config version is newer than the latest version, and the config is
         // invalid This could also mean the server is out of date, and the user
@@ -137,6 +140,7 @@ bool ConfigManager::updateConfig(int current_version)
 bool ConfigManager::loadServerSettings(server_settings* settings)
 {
     QSettings config("config/config.ini", QSettings::IniFormat);
+    config.setIniCodec("UTF-8");
     bool port_conversion_success;
     bool ws_port_conversion_success;
     bool local_port_conversion_success;

From 5f07cbeff7904fdd082ab4eadf42c025bb99cc03 Mon Sep 17 00:00:00 2001
From: scatterflower <marisaposs@gameboyprinter.moe>
Date: Fri, 23 Apr 2021 00:32:44 -0500
Subject: [PATCH 6/9] version bump

---
 src/main.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main.cpp b/src/main.cpp
index e8b63e0..ab475d3 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -36,7 +36,7 @@ int main(int argc, char* argv[])
 {
     QCoreApplication app(argc, argv);
     QCoreApplication::setApplicationName("akashi");
-    QCoreApplication::setApplicationVersion("apricot r3 prerelease");
+    QCoreApplication::setApplicationVersion("banana");
     std::atexit(cleanup);
 
     ConfigManager config_manager;

From 13d03476dad8ec1da07c9fc36c77a9b422fa115d Mon Sep 17 00:00:00 2001
From: Salanto <support@salanto.de>
Date: Fri, 23 Apr 2021 17:24:34 +0200
Subject: [PATCH 7/9] Fix-#101

---
 src/commands/area.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/commands/area.cpp b/src/commands/area.cpp
index efa55f1..58a8d6b 100644
--- a/src/commands/area.cpp
+++ b/src/commands/area.cpp
@@ -291,6 +291,7 @@ void AOClient::cmdStatus(int argc, QStringList argv)
         return;
     }
     arup(ARUPType::STATUS, true);
+    sendServerMessage(ooc_name + " changed status to " + arg);
 }
 
 void AOClient::cmdJudgeLog(int argc, QStringList argv)

From 532a48cd1df07be37f43bbf313f4264baedf3907 Mon Sep 17 00:00:00 2001
From: Salanto <support@salanto.de>
Date: Fri, 23 Apr 2021 17:25:08 +0200
Subject: [PATCH 8/9] Update area.cpp

---
 src/commands/area.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/commands/area.cpp b/src/commands/area.cpp
index 58a8d6b..8ae19af 100644
--- a/src/commands/area.cpp
+++ b/src/commands/area.cpp
@@ -291,7 +291,7 @@ void AOClient::cmdStatus(int argc, QStringList argv)
         return;
     }
     arup(ARUPType::STATUS, true);
-    sendServerMessage(ooc_name + " changed status to " + arg);
+    sendServerMessageArea(ooc_name + " changed status to " + arg);
 }
 
 void AOClient::cmdJudgeLog(int argc, QStringList argv)

From e44f6870306468c7ef3ac299a8fbca186c2f4727 Mon Sep 17 00:00:00 2001
From: scatterflower <marisaposs@gameboyprinter.moe>
Date: Sun, 25 Apr 2021 12:57:02 -0500
Subject: [PATCH 9/9] fix crash due to empty packets

---
 src/aopacket.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/aopacket.cpp b/src/aopacket.cpp
index 2d16997..9eb703b 100644
--- a/src/aopacket.cpp
+++ b/src/aopacket.cpp
@@ -25,6 +25,9 @@ AOPacket::AOPacket(QString p_header, QStringList p_contents)
 
 AOPacket::AOPacket(QString p_packet)
 {
+    if (p_packet.isEmpty())
+        return;
+
     QStringList packet_contents = p_packet.split("#");
     if (p_packet.at(0) == '#') {
         // The header is encrypted with FantaCrypt