Merge pull request #151 from Pyraqq/testimony-check

Prevent testimony messages containing "<" and ">".
2021-07-12 15:27:57 -05:00 · 2021-07-12 15:27:57 -05:00 · 5b99fc4e16
commit 5b99fc4e16
parent a6050a460d 6071a6242e
2 changed files with 26 additions and 3 deletions
--- a/core/include/aoclient.h
+++ b/core/include/aoclient.h
@ -1905,6 +1905,14 @@ class AOClient : public QObject {
     */
    bool checkPasswordRequirements(QString username, QString password);
    
+    /**
+     * @brief Checks if a testimony contains '<' or '>'.
+     *
+     * @param message The IC Message that might contain unproper symbols.
+     *
+     * @return True if it contains '<' or '>' symbols, otherwise false.
+     */
+    bool checkTestimonySymbols(const QString& message);
    ///@}

    /**
--- a/core/src/testimony_recorder.cpp
+++ b/core/src/testimony_recorder.cpp
@ -21,6 +21,9 @@

 void AOClient::addStatement(QStringList packet)
 {
+    if (checkTestimonySymbols(packet[4])) {
+        return;
+    }
    AreaData* area = server->areas[current_area];
    int c_statement = area->statement();
    if (c_statement >= -1) {
@ -38,9 +41,9 @@ void AOClient::addStatement(QStringList packet)
            }
        }
        else if (area->testimonyRecording() == AreaData::TestimonyRecording::ADD) {
-               packet[14] = "1";
-               area->addStatement(c_statement, packet);
-               area->setTestimonyRecording(AreaData::TestimonyRecording::PLAYBACK);
+                packet[14] = "1";
+                area->addStatement(c_statement, packet);
+                area->setTestimonyRecording(AreaData::TestimonyRecording::PLAYBACK);
            }
            else {
                sendServerMessage("Unable to add more statements. The maximum amount of statements has been reached.");
@ -51,6 +54,9 @@ void AOClient::addStatement(QStringList packet)

 QStringList AOClient::updateStatement(QStringList packet)
 {
+    if (checkTestimonySymbols(packet[4])) {
+        return packet;
+    }
    AreaData* area = server->areas[current_area];
    int c_statement = area->statement();
    area->setTestimonyRecording(AreaData::TestimonyRecording::PLAYBACK);
@ -70,3 +76,12 @@ void AOClient::clearTestimony()
    AreaData* area = server->areas[current_area];
    area->clearTestimony();
 }
+
+bool AOClient::checkTestimonySymbols(const QString& message)
+{
+    if (message.contains('>') || message.contains('<')) {
+        sendServerMessage("Unable to add statements containing '>' or '<'.");
+        return true;
+    }
+    return false;
+}