cidoku/AO2XP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prevent html injection in chatlogs

Browse Source
This commit is contained in:
cidoku 2025-10-08 23:00:15 -03:00
parent 1ae52c3e7b
commit 4cd74883b6
2 changed files with 8 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
gameview.py
View File

@ -211,20 +211,6 @@ class ChatLogs(QtGui.QTextEdit):
else: else:
self.logfile = None self.logfile = None
# def mouseMoveEvent(self, e):
# super(ChatLogs, self).mouseMoveEvent(e)
# self.anchor = self.anchorAt(e.pos())
# if self.anchor:
# QtGui.QApplication.setOverrideCursor(QtCore.Qt.PointingHandCursor)
# else:
# QtGui.QApplication.setOverrideCursor(QtCore.Qt.ArrowCursor)
# def mouseReleaseEvent(self, e):
# if self.anchor:
# QtGui.QDesktopServices.openUrl(QtCore.QUrl(self.anchor))
# self.anchor = None
# QtGui.QApplication.setOverrideCursor(QtCore.Qt.ArrowCursor)
def __del__(self): def __del__(self):
if self.savelog: if self.savelog:
self.logfile.close() self.logfile.close()
@ -251,10 +237,6 @@ class ChatLogs(QtGui.QTextEdit):
else: else:
logfile.write(text_.replace("<b>", "").replace("</b>", "") +"\n") logfile.write(text_.replace("<b>", "").replace("</b>", "") +"\n")
# if "http" in text:
# text = unicode(text) # Get rid of QStrings
# text = re.sub(URL_REGEX, r'<a href="\g<0>">\g<0></a>', text)
super(ChatLogs, self).append(text) super(ChatLogs, self).append(text)
class AOCharMovie(QtGui.QLabel): class AOCharMovie(QtGui.QLabel):
@ -3054,7 +3036,7 @@ class GUI(QtGui.QWidget):
logcharName += " (???)" logcharName += " (???)"
if evidence == -1: if evidence == -1:
self.ICLog.append(timestamp + '%s: %s' % (logcharName, chatmsg)) self.ICLog.append(timestamp + '%s: %s' % (logcharName, chatmsg.replace("<", "&lt;")))
else: else:
eviname = '(NULL) %d' % evidence eviname = '(NULL) %d' % evidence
try: try:
@ -3496,7 +3478,7 @@ class GUI(QtGui.QWidget):
callwords = [line.rstrip() for line in f] callwords = [line.rstrip() for line in f]
for callword in callwords: for callword in callwords:
if callword.decode('utf-8').lower() in self.mChatMessage[CHATMSG].lower().split(" "): if callword.decode('utf-8').lower() in self.mChatMessage[CHATMSG].lower().split(" "):
self.OOCLog.append("<b>%s called you.</b>" % fChar) self.OOCLog.append("<b>%s called you:</b> %s" % (fChar, self.mChatMessage[CHATMSG]))
QtGui.QApplication.alert(self, 1000) QtGui.QApplication.alert(self, 1000)
snd = audio.loadHandle(False, "word_call.wav", 0, 0, BASS_STREAM_AUTOFREE) snd = audio.loadHandle(False, "word_call.wav", 0, 0, BASS_STREAM_AUTOFREE)
if snd: if snd:
@ -3608,11 +3590,11 @@ class GUI(QtGui.QWidget):
fCharacter2 = fMessage[self.tickPos] fCharacter2 = fMessage[self.tickPos]
fCharacter = QtCore.QString(fCharacter2) fCharacter = QtCore.QString(fCharacter2)
if fCharacter == " ": if fCharacter in [" ", "\n", "<", ">"]:
self.text.insertPlainText(" ") self.text.insertPlainText(fCharacter)
self.ao2text.insertPlainText(" ") self.ao2text.insertPlainText(fCharacter)
elif fCharacter == "\n" or fCharacter == "\r": elif fCharacter == "\r":
self.text.insertPlainText("\n") self.text.insertPlainText("\n")
self.ao2text.insertPlainText("\n") self.ao2text.insertPlainText("\n")

2
packets.py
View File

@ -47,7 +47,7 @@ def handlePackets(caller, total, record=True):
elif header == 'CT': elif header == 'CT':
name = decodeAOString(network[1].decode('utf-8')) name = decodeAOString(network[1].decode('utf-8'))
chatmsg = decodeAOString(network[2].decode('utf-8').replace("\n", "<br />")) chatmsg = decodeAOString(network[2].decode('utf-8').replace("\n", "<br />"))
caller.OOC_Log.emit("<b>%s:</b> %s" % (name, chatmsg)) caller.OOC_Log.emit("<b>%s:</b> %s" % (name, chatmsg.replace("<", "&lt;")))
elif header == 'PV': elif header == 'PV':
caller.parent.myChar = int(network[3]) caller.parent.myChar = int(network[3])