Sanitize command input (fixes #67)

Timo Smit 2017-01-21 14:32:48 +01:00
parent 449e6c856f
commit 7dce37972b
10 changed files with 10 additions and 10 deletions


@ -30,7 +30,7 @@ function commandBan(clientId, cmdArguments)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dban usage: "..commands.getadmin("ban")["syntax"].."\";") et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dban usage: "..commands.getadmin("ban")["syntax"].."\";")
return true return true
elseif tonumber(cmdArguments[1]) == nil then elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(cmdArguments[1]) cmdClient = et.ClientNumberFromString(cmdArguments[1])
else else
cmdClient = tonumber(cmdArguments[1]) cmdClient = tonumber(cmdArguments[1])
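Review bot: The new bound in the `elseif` still lets out-of-range numbers reach `cmdClient = tonumber(cmdArguments[1])`: client slots run from 0 to sv_maxclients - 1, so a value equal to sv_maxclients passes the `>` test, and negative or fractional input such as `-1` or `1.5` is never rejected. I would convert once before the `if` chain with `local n = tonumber(cmdArguments[1])` and test the whole range, `elseif n == nil or n < 0 or n >= tonumber(et.trap_Cvar_Get("sv_maxclients")) or n ~= math.floor(n) then`, so anything that is not a valid slot falls back to the name lookup. The function body starts and ends outside the hunk, so how cmdClient is used afterwards is not visible here; presumably it feeds later console command strings or table lookups, which is where an unchecked value would matter. The same line is repeated in commandFinger, commandGib, commandKick, commandMute, commandPlayerLock, commandSetLevel, commandSlap, commandUnmute and commandWarn, and a single shared helper for resolving the target client would keep the check in one place.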


@ -29,7 +29,7 @@ function commandFinger(clientId, cmdArguments)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dfinger usage: "..commands.getadmin("finger")["syntax"].."\";") et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dfinger usage: "..commands.getadmin("finger")["syntax"].."\";")
return true return true
elseif tonumber(cmdArguments[1]) == nil then elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(cmdArguments[1]) cmdClient = et.ClientNumberFromString(cmdArguments[1])
else else
cmdClient = tonumber(cmdArguments[1]) cmdClient = tonumber(cmdArguments[1])


@ -28,7 +28,7 @@ function commandGib(clientId, cmdArguments)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dgib usage: "..commands.getadmin("gib")["syntax"].."\";") et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dgib usage: "..commands.getadmin("gib")["syntax"].."\";")
return true return true
elseif tonumber(cmdArguments[1]) == nil then elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(cmdArguments[1]) cmdClient = et.ClientNumberFromString(cmdArguments[1])
else else
cmdClient = tonumber(cmdArguments[1]) cmdClient = tonumber(cmdArguments[1])


@ -29,7 +29,7 @@ function commandKick(clientId, cmdArguments)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dkick usage: "..commands.getadmin("kick")["syntax"].."\";") et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dkick usage: "..commands.getadmin("kick")["syntax"].."\";")
return true return true
elseif tonumber(cmdArguments[1]) == nil then elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(cmdArguments[1]) cmdClient = et.ClientNumberFromString(cmdArguments[1])
else else
cmdClient = tonumber(cmdArguments[1]) cmdClient = tonumber(cmdArguments[1])


@ -33,7 +33,7 @@ function commandMute(clientId, cmdArguments)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dmute usage: "..commands.getadmin("mute")["syntax"].."\";") et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dmute usage: "..commands.getadmin("mute")["syntax"].."\";")
return true return true
elseif tonumber(cmdArguments[1]) == nil then elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(cmdArguments[1]) cmdClient = et.ClientNumberFromString(cmdArguments[1])
else else
cmdClient = tonumber(cmdArguments[1]) cmdClient = tonumber(cmdArguments[1])


@ -26,7 +26,7 @@ function commandPlayerLock(clientId, cmdArguments)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dput usage: "..commands.getadmin("put")["syntax"].."\";") et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dput usage: "..commands.getadmin("put")["syntax"].."\";")
return true return true
elseif tonumber(cmdArguments[1]) == nil then elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(cmdArguments[1]) cmdClient = et.ClientNumberFromString(cmdArguments[1])
else else
cmdClient = tonumber(cmdArguments[1]) cmdClient = tonumber(cmdArguments[1])


@ -49,7 +49,7 @@ function commandSetLevel(clientId, cmdArguments)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dsetlevel usage: "..commands.getadmin("setlevel")["syntax"].."\";") et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dsetlevel usage: "..commands.getadmin("setlevel")["syntax"].."\";")
return true return true
elseif tonumber(cmdArguments[1]) == nil then elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(cmdArguments[1]) cmdClient = et.ClientNumberFromString(cmdArguments[1])
else else
cmdClient = tonumber(cmdArguments[1]) cmdClient = tonumber(cmdArguments[1])


@ -28,7 +28,7 @@ function commandSlap(clientId, cmdArguments)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dslap usage: "..commands.getadmin("slap")["syntax"].."\";") et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dslap usage: "..commands.getadmin("slap")["syntax"].."\";")
return true return true
elseif tonumber(cmdArguments[1]) == nil then elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(cmdArguments[1]) cmdClient = et.ClientNumberFromString(cmdArguments[1])
else else
cmdClient = tonumber(cmdArguments[1]) cmdClient = tonumber(cmdArguments[1])


@ -30,7 +30,7 @@ function commandUnmute(clientId, cmdArguments)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dunmute usage: "..commands.getadmin("unmute")["syntax"].."\";") et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dunmute usage: "..commands.getadmin("unmute")["syntax"].."\";")
return true return true
elseif tonumber(cmdArguments[1]) == nil then elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(cmdArguments[1]) cmdClient = et.ClientNumberFromString(cmdArguments[1])
else else
cmdClient = tonumber(cmdArguments[1]) cmdClient = tonumber(cmdArguments[1])


@ -56,7 +56,7 @@ function commandWarn(clientId, cmdArguments)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dwarn usage: "..commands.getadmin("warn")["syntax"].."\";") et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dwarn usage: "..commands.getadmin("warn")["syntax"].."\";")
return true return true
elseif tonumber(cmdArguments[1]) == nil then elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
cmdClient = et.ClientNumberFromString(cmdArguments[1]) cmdClient = et.ClientNumberFromString(cmdArguments[1])
else else
cmdClient = tonumber(cmdArguments[1]) cmdClient = tonumber(cmdArguments[1])