Merge pull request #151 from Pyraqq/testimony-check

Prevent testimony messages containing "<" and ">".
scatterflower 2021-07-12 15:27:57 -05:00 committed by GitHub
commit 5b99fc4e16
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 3 deletions


@ -1905,6 +1905,14 @@ class AOClient : public QObject {
*/
bool checkPasswordRequirements(QString username, QString password);
/**
* @brief Checks if a testimony contains '<' or '>'.
*
* @param message The IC Message that might contain unproper symbols.
*
* @return True if it contains '<' or '>' symbols, otherwise false.
*/
bool checkTestimonySymbols(const QString& message);
///@}
/**
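Review bot: The doc comment for `checkTestimonySymbols` describes a pure predicate, but the definition added in this commit also calls `sendServerMessage` when it finds a match, so a reader of the header alone would not expect a client-visible side effect. I would say so in the brief, e.g. `@brief Checks if a testimony contains '<' or '>' and, if so, notifies the client that the statement was rejected.`, and change "unproper" to "improper" in the `@param` line. The enclosing `AOClient` class starts and ends outside this hunk.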


@ -21,6 +21,9 @@
void AOClient::addStatement(QStringList packet)
{
if (checkTestimonySymbols(packet[4])) {
return;
}
AreaData* area = server->areas[current_area];
int c_statement = area->statement();
if (c_statement >= -1) {
@ -38,9 +41,9 @@ void AOClient::addStatement(QStringList packet)
}
}
else if (area->testimonyRecording() == AreaData::TestimonyRecording::ADD) {
packet[14] = "1";
area->addStatement(c_statement, packet);
area->setTestimonyRecording(AreaData::TestimonyRecording::PLAYBACK);
packet[14] = "1";
area->addStatement(c_statement, packet);
area->setTestimonyRecording(AreaData::TestimonyRecording::PLAYBACK);
}
else {
sendServerMessage("Unable to add more statements. The maximum amount of statements has been reached.");
@ -51,6 +54,9 @@ void AOClient::addStatement(QStringList packet)
QStringList AOClient::updateStatement(QStringList packet)
{
if (checkTestimonySymbols(packet[4])) {
return packet;
}
AreaData* area = server->areas[current_area];
int c_statement = area->statement();
area->setTestimonyRecording(AreaData::TestimonyRecording::PLAYBACK);
@ -70,3 +76,12 @@ void AOClient::clearTestimony()
AreaData* area = server->areas[current_area];
area->clearTestimony();
}
bool AOClient::checkTestimonySymbols(const QString& message)
{
if (message.contains('>') || message.contains('<')) {
sendServerMessage("Unable to add statements containing '>' or '<'.");
return true;
}
return false;
}
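Review bot: Both new guards read `packet[4]` as the first statement of `addStatement` and `updateStatement`, before anything in these functions looks at the packet length, and `QStringList::operator[]` is only bounds-checked by an assert in debug builds. The existing `packet[14]` write suggests the caller validates the field count, but that is not visible here; if it is not guaranteed, use `if (packet.size() <= 4 || checkTestimonySymbols(packet[4]))`. On rejection `updateStatement` also returns the packet unchanged, so its caller cannot tell a refused statement from an accepted one. Whether the message is still relayed to the area after the refusal depends on that caller and is worth confirming. Both function bodies continue outside the hunks shown.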