From 2a229541efcc8390d99fbdb92365fd54e4beb442 Mon Sep 17 00:00:00 2001
From: Pyraqq <46277816+Pyraqq@users.noreply.github.com>
Date: Thu, 8 Jul 2021 17:54:27 +0200
Subject: [PATCH 1/2] Prevent testimony messages containing "<" and ">".

---
 core/include/aoclient.h | 9 +++++++++
 core/src/testimony_recorder.cpp | 22 +++++++++++++++++++---
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/core/include/aoclient.h b/core/include/aoclient.h
index 9aefdf5..a38b8fc 100644
--- a/core/include/aoclient.h
+++ b/core/include/aoclient.h
@@ -1905,6 +1905,15 @@ class AOClient : public QObject {
 */
 bool checkPasswordRequirements(QString username, QString password);

+ /**
+ * @brief Checks if a testimony contains '<' or '>'.
+ *
+ * @param message The IC Message that might contain unproper symbols.
+ *
+ * @return True if it contains '<' or '>' symbols, otherwise false.
+ */
+
+ bool checkTestimonySymbols(QString message);
 ///@}

 /**
diff --git a/core/src/testimony_recorder.cpp b/core/src/testimony_recorder.cpp
index 45ad35d..3bf3c00 100644
--- a/core/src/testimony_recorder.cpp
+++ b/core/src/testimony_recorder.cpp
@@ -21,6 +21,9 @@

 void AOClient::addStatement(QStringList packet)
 {
+ if (checkTestimonySymbols(packet[4])) {
+ return;
+ }
 AreaData* area = server->areas[current_area];
 int c_statement = area->statement();
 if (c_statement >= -1) {
@@ -38,9 +41,9 @@ void AOClient::addStatement(QStringList packet)
 }
 }
 else if (area->testimonyRecording() == AreaData::TestimonyRecording::ADD) {
- packet[14] = "1";
- area->addStatement(c_statement, packet);
- area->setTestimonyRecording(AreaData::TestimonyRecording::PLAYBACK);
+ packet[14] = "1";
+ area->addStatement(c_statement, packet);
+ area->setTestimonyRecording(AreaData::TestimonyRecording::PLAYBACK);
 }
 else {
 sendServerMessage("Unable to add more statements. The maximum amount of statements has been reached.");
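Review bot: The Doxygen block added in core/include/aoclient.h describes checkTestimonySymbols as a pure check, but the definition added in core/src/testimony_recorder.cpp also calls sendServerMessage when it finds a symbol, so the documented contract is incomplete. I would add a line such as `* @details Sends a server message to the client when the message is rejected.` and correct "unproper" to "improper" in the @param text. The comment also gives no reason why these two characters are refused in testimony; one sentence of rationale would let a maintainer judge whether the deny-list is complete.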
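Review bot: In the `@@ -21,6 +21,9 @@` hunk of core/src/testimony_recorder.cpp, `packet[4]` is read as the first statement of addStatement, before any visible check on the list length, and QStringList::operator[] requires a valid index. If packet carries client-supplied fields and its size is not validated by the caller (not visible here, although existing code also writes `packet[14]`), a short packet reaches an out-of-range access. Guarding the call, `if (packet.size() <= 4 || checkTestimonySymbols(packet[4])) {`, would make the function safe on its own; the same indexing is added at the top of updateStatement in the `@@ -51,6 +54,9 @@` hunk. addStatement's body continues outside the hunk.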
@@ -51,6 +54,9 @@ void AOClient::addStatement(QStringList packet)

 QStringList AOClient::updateStatement(QStringList packet)
 {
+ if (checkTestimonySymbols(packet[4])) {
+ return packet;
+ }
 AreaData* area = server->areas[current_area];
 int c_statement = area->statement();
 area->setTestimonyRecording(AreaData::TestimonyRecording::PLAYBACK);
@@ -70,3 +76,13 @@ void AOClient::clearTestimony()
 AreaData* area = server->areas[current_area];
 area->clearTestimony();
 }
+
+bool AOClient::checkTestimonySymbols(QString message)
+{
+ if (message.contains('>') || message.contains('<')) {
+ sendServerMessage("Unable to add statements containing '>' or '<'.");
+ return true;
+ }
+ else
+ return false;
+}
From 6071a6242e98afbef113d9e0ca617beb3d0ceced Mon Sep 17 00:00:00 2001
From: Pyraqq <46277816+Pyraqq@users.noreply.github.com>
Date: Thu, 8 Jul 2021 21:02:44 +0200
Subject: [PATCH 2/2] Make QString a const.

---
 core/include/aoclient.h | 3 +--
 core/src/testimony_recorder.cpp | 5 ++---
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/core/include/aoclient.h b/core/include/aoclient.h
index a38b8fc..4a16167 100644
--- a/core/include/aoclient.h
+++ b/core/include/aoclient.h
@@ -1912,8 +1912,7 @@ class AOClient : public QObject {
 *
 * @return True if it contains '<' or '>' symbols, otherwise false.
 */
-
- bool checkTestimonySymbols(QString message);
+ bool checkTestimonySymbols(const QString& message);
 ///@}

 /**
diff --git a/core/src/testimony_recorder.cpp b/core/src/testimony_recorder.cpp
index 3bf3c00..3b65b09 100644
--- a/core/src/testimony_recorder.cpp
+++ b/core/src/testimony_recorder.cpp
@@ -77,12 +77,11 @@ void AOClient::clearTestimony()
 area->clearTestimony();
 }

-bool AOClient::checkTestimonySymbols(QString message)
+bool AOClient::checkTestimonySymbols(const QString& message)
 {
 if (message.contains('>') || message.contains('<')) {
 sendServerMessage("Unable to add statements containing '>' or '<'.");
 return true;
 }
- else
- return false;
+ return false;
 }
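Review bot: In the `@@ -51,6 +54,9 @@` hunk of patch 1/2, the early `return packet;` in updateStatement sits before `area->setTestimonyRecording(AreaData::TestimonyRecording::PLAYBACK);`, so a rejected update leaves the area's recording state as it was and returns the packet unmodified. The caller then cannot tell a refused update from an applied one, and if it forwards the returned packet to the area (not visible in this hunk), the refused text is still delivered. If leaving the state untouched is intended so the next message retries the update, say so with a comment such as `// Rejected: keep the current recording state so the next message can retry the update.`; otherwise reset the state before returning. updateStatement's body continues outside the hunk.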