etlegacy
/
wolfadmin
mirror of https://github.com/etlegacy/wolfadmin.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Sanitizing client input (refs #67)

This commit is contained in:
Timo Smit 2017-02-08 14:48:56 +01:00
parent 56d822b417
commit 68688385a0
19 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
luamods/wolfadmin/commands/admin/ban.lua
View File

@ -30,7 +30,7 @@ function commandBan(clientId, command, victim, ...)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dban usage: "..commands.getadmin("ban")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/finger.lua
View File

@ -29,7 +29,7 @@ function commandFinger(clientId, command, victim)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dfinger usage: "..commands.getadmin("finger")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/gib.lua
View File

@ -28,7 +28,7 @@ function commandGib(clientId, command, victim)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dgib usage: "..commands.getadmin("gib")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/kick.lua
View File

@ -29,7 +29,7 @@ function commandKick(clientId, command, victim, ...)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dkick usage: "..commands.getadmin("kick")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/listaliases.lua
View File

@ -36,7 +36,7 @@ function commandListAliases(clientId, command, victim, offset)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dlistaliases usage: "..commands.getadmin("listaliases")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/listlevels.lua
View File

@ -68,7 +68,7 @@ function commandListLevels(clientId, command, victim, offset)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dlistlevels: ^9level history is disabled.\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/mute.lua
View File

@ -33,7 +33,7 @@ function commandMute(clientId, command, victim, ...)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dmute usage: "..commands.getadmin("mute")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/plock.lua
View File

@ -28,7 +28,7 @@ function commandPlayerLock(clientId, command, victim)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dplock usage: "..commands.getadmin("plock")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/punlock.lua
View File

@ -28,7 +28,7 @@ function commandPlayerUnlock(clientId, command, victim)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dpunlock usage: "..commands.getadmin("punlock")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/put.lua
View File

@ -30,7 +30,7 @@ function commandPlayerLock(clientId, command, victim, team)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dput usage: "..commands.getadmin("put")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

4
luamods/wolfadmin/commands/admin/setlevel.lua
View File

@ -28,7 +28,7 @@ local settings = require (wolfa_getLuaPath()..".util.settings")
function commandSetLevel(clientId, command, victim, level)
if not victim or not level then
return false
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)
@ -59,7 +59,7 @@ function commandSetLevel(clientId, command, victim, level)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dsetlevel usage: "..commands.getadmin("setlevel")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/showhistory.lua
View File

@ -36,7 +36,7 @@ function commandListHistory(clientId, command, victim, offset)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dshowhistory usage: "..commands.getadmin("showwarns")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/slap.lua
View File

@ -28,7 +28,7 @@ function commandSlap(clientId, command, victim)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dslap usage: "..commands.getadmin("slap")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/stats.lua
View File

@ -26,7 +26,7 @@ function commandShowStats(clientId, command, victim)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dstats usage: "..commands.getadmin("stats")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/unmute.lua
View File

@ -30,7 +30,7 @@ function commandUnmute(clientId, command, victim)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dunmute usage: "..commands.getadmin("unmute")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/vmute.lua
View File

@ -31,7 +31,7 @@ function commandVoiceMute(clientId, command, victim, ...)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dvmute usage: "..commands.getadmin("vmute")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/admin/vunmute.lua
View File

@ -26,7 +26,7 @@ function commandVoiceUnmute(clientId, command, victim)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dvunmute usage: "..commands.getadmin("vunmute")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

4
luamods/wolfadmin/commands/admin/warn.lua
View File

@ -32,7 +32,7 @@ function commandWarn(clientId, command, victim, ...)
return false
elseif not victim or not ... then
return false
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)
@ -55,7 +55,7 @@ function commandWarn(clientId, command, victim, ...)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dwarn usage: "..commands.getadmin("warn")["syntax"].."\";")
return true
elseif tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
elseif tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)

2
luamods/wolfadmin/commands/commands.lua
View File

@ -128,7 +128,7 @@ function commands.log(clientId, command, victim, ...)
if victim then
local cmdClient
if tonumber(victim) == nil or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
if tonumber(victim) == nil or tonumber(victim) < 0 or tonumber(victim) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(victim)
else
cmdClient = tonumber(victim)