cidoku/AO2XP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prevent html injection in chatlogs

Browse Source
This commit is contained in:
cidoku 2025-10-08 23:00:15 -03:00
parent 1ae52c3e7b
commit 4cd74883b6
2 changed files with 8 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
gameview.py
View File

@ -210,20 +210,6 @@ class ChatLogs(QtGui.QTextEdit):
self.logfile = "logs/%d-%02d-%02d %02d.%02d.%02d [OOC].log" % (currtime[0], currtime[1], currtime[2], currtime[3], currtime[4], currtime[5])
else:
self.logfile = None
# def mouseMoveEvent(self, e):
# super(ChatLogs, self).mouseMoveEvent(e)
# self.anchor = self.anchorAt(e.pos())
# if self.anchor:
# QtGui.QApplication.setOverrideCursor(QtCore.Qt.PointingHandCursor)
# else:
# QtGui.QApplication.setOverrideCursor(QtCore.Qt.ArrowCursor)
# def mouseReleaseEvent(self, e):
# if self.anchor:
# QtGui.QDesktopServices.openUrl(QtCore.QUrl(self.anchor))
# self.anchor = None
# QtGui.QApplication.setOverrideCursor(QtCore.Qt.ArrowCursor)
def __del__(self):
if self.savelog:
@ -250,11 +236,7 @@ class ChatLogs(QtGui.QTextEdit):
logfile.write("[OOC] " + text_.replace("<b>", "").replace("</b>", "") +"\n")
else:
logfile.write(text_.replace("<b>", "").replace("</b>", "") +"\n")
# if "http" in text:
# text = unicode(text) # Get rid of QStrings
# text = re.sub(URL_REGEX, r'<a href="\g<0>">\g<0></a>', text)
super(ChatLogs, self).append(text)
class AOCharMovie(QtGui.QLabel):
@ -3054,7 +3036,7 @@ class GUI(QtGui.QWidget):
logcharName += " (???)"
if evidence == -1:
self.ICLog.append(timestamp + '%s: %s' % (logcharName, chatmsg))
self.ICLog.append(timestamp + '%s: %s' % (logcharName, chatmsg.replace("<", "&lt;")))
else:
eviname = '(NULL) %d' % evidence
try:
@ -3496,7 +3478,7 @@ class GUI(QtGui.QWidget):
callwords = [line.rstrip() for line in f]
for callword in callwords:
if callword.decode('utf-8').lower() in self.mChatMessage[CHATMSG].lower().split(" "):
self.OOCLog.append("<b>%s called you.</b>" % fChar)
self.OOCLog.append("<b>%s called you:</b> %s" % (fChar, self.mChatMessage[CHATMSG]))
QtGui.QApplication.alert(self, 1000)
snd = audio.loadHandle(False, "word_call.wav", 0, 0, BASS_STREAM_AUTOFREE)
if snd:
@ -3608,11 +3590,11 @@ class GUI(QtGui.QWidget):
fCharacter2 = fMessage[self.tickPos]
fCharacter = QtCore.QString(fCharacter2)
if fCharacter == " ":
self.text.insertPlainText(" ")
self.ao2text.insertPlainText(" ")
if fCharacter in [" ", "\n", "<", ">"]:
self.text.insertPlainText(fCharacter)
self.ao2text.insertPlainText(fCharacter)
elif fCharacter == "\n" or fCharacter == "\r":
elif fCharacter == "\r":
self.text.insertPlainText("\n")
self.ao2text.insertPlainText("\n")

2
packets.py
View File

@ -47,7 +47,7 @@ def handlePackets(caller, total, record=True):
elif header == 'CT':
name = decodeAOString(network[1].decode('utf-8'))
chatmsg = decodeAOString(network[2].decode('utf-8').replace("\n", "<br />"))
caller.OOC_Log.emit("<b>%s:</b> %s" % (name, chatmsg))
caller.OOC_Log.emit("<b>%s:</b> %s" % (name, chatmsg.replace("<", "&lt;")))
elif header == 'PV':
caller.parent.myChar = int(network[3])