Sanitizing some client input (fixes #67)

2024-11-22 12:21:43 +00:00 · 2017-01-16 19:49:00 +01:00 · 2017-01-16 19:49:00 +01:00 · c0d2aa0e92
commit c0d2aa0e92
parent 6e4b5b97a7
13 changed files with 26 additions and 26 deletions
--- a/luascripts/commands/admin/dewarn.lua
+++ b/luascripts/commands/admin/dewarn.lua
@ -35,7 +35,7 @@ function commandRemoveWarn(clientId, cmdArguments)
        cmdClient = tonumber(cmdArguments[1])
    end
    
-    if cmdClient == -1 then
+    if cmdClient == -1 or cmdClient > et.trap_Cvar_Get("sv_maxclients") then
        et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^ddewarn: ^9no or multiple matches for '^7"..cmdArguments[1].."^9'.\";")
        
        return true
--- a/luascripts/commands/admin/listaliases.lua
+++ b/luascripts/commands/admin/listaliases.lua
@ -31,7 +31,7 @@ function commandListAliases(clientId, cmdArguments)
        et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dlistaliases usage: "..commands.getadmin("listaliases")["syntax"].."\";")
        
        return true
-    elseif tonumber(cmdArguments[1]) == nil then
+    elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > et.trap_Cvar_Get("sv_maxclients") then
        cmdClient = et.ClientNumberFromString(cmdArguments[1])
    else
        cmdClient = tonumber(cmdArguments[1])
--- a/luascripts/commands/admin/listlevels.lua
+++ b/luascripts/commands/admin/listlevels.lua
@ -57,7 +57,7 @@ function commandListLevels(clientId, cmdArguments)
        et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dlistlevels: ^9level history is disabled.\";")
        
        return true
-    elseif tonumber(cmdArguments[1]) == nil then
+    elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
        cmdClient = et.ClientNumberFromString(cmdArguments[1])
    else
        cmdClient = tonumber(cmdArguments[1])
--- a/luascripts/commands/admin/plock.lua
+++ b/luascripts/commands/admin/plock.lua
@ -25,7 +25,7 @@ function commandPlayerLock(clientId, cmdArguments)
        et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dplock usage: "..commands.getadmin("plock")["syntax"].."\";")
        
        return true
-    elseif tonumber(cmdArguments[1]) == nil then
+    elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
        cmdClient = et.ClientNumberFromString(cmdArguments[1])
    else
        cmdClient = tonumber(cmdArguments[1])
--- a/luascripts/commands/admin/punlock.lua
+++ b/luascripts/commands/admin/punlock.lua
@ -25,7 +25,7 @@ function commandPlayerUnlock(clientId, cmdArguments)
        et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dpunlock usage: "..commands.getadmin("punlock")["syntax"].."\";")
        
        return true
-    elseif tonumber(cmdArguments[1]) == nil then
+    elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
        cmdClient = et.ClientNumberFromString(cmdArguments[1])
    else
        cmdClient = tonumber(cmdArguments[1])
--- a/luascripts/commands/admin/setlevel.lua
+++ b/luascripts/commands/admin/setlevel.lua
@ -23,7 +23,7 @@ local admin = require "luascripts.wolfadmin.admin.admin"
 function commandSetLevel(clientId, cmdArguments)
    if #cmdArguments < 2 then
        return false
-    elseif tonumber(cmdArguments[1]) == nil then
+    elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
        cmdClient = et.ClientNumberFromString(cmdArguments[1])
    else
        cmdClient = tonumber(cmdArguments[1])
--- a/luascripts/commands/admin/showwarns.lua
+++ b/luascripts/commands/admin/showwarns.lua
@ -32,7 +32,7 @@ function commandShowWarns(clientId, cmdArguments)
        et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dshowwarns usage: "..commands.getadmin("showwarns")["syntax"].."\";")
        
        return true
-    elseif tonumber(cmdArguments[1]) == nil then
+    elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
        cmdClient = et.ClientNumberFromString(cmdArguments[1])
    else
        cmdClient = tonumber(cmdArguments[1])
--- a/luascripts/commands/admin/stats.lua
+++ b/luascripts/commands/admin/stats.lua
@ -23,7 +23,7 @@ function commandShowStats(clientId, cmdArguments)
        et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dstats usage: "..commands.getadmin("stats")["syntax"].."\";")
        
        return true
-    elseif tonumber(cmdArguments[1]) == nil then
+    elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
        cmdClient = et.ClientNumberFromString(cmdArguments[1])
    else
        cmdClient = tonumber(cmdArguments[1])
--- a/luascripts/commands/admin/vmute.lua
+++ b/luascripts/commands/admin/vmute.lua
@ -24,7 +24,7 @@ function commandVoiceMute(clientId, cmdArguments)
        et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dvmute usage: "..commands.getadmin("vmute")["syntax"].."\";")
        
        return true
-    elseif tonumber(cmdArguments[1]) == nil then
+    elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
        cmdClient = et.ClientNumberFromString(cmdArguments[1])
    else
        cmdClient = tonumber(cmdArguments[1])
--- a/luascripts/commands/admin/vunmute.lua
+++ b/luascripts/commands/admin/vunmute.lua
@ -23,7 +23,7 @@ function commandVoiceUnmute(clientId, cmdArguments)
        et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dvunmute usage: "..commands.getadmin("vunmute")["syntax"].."\";")
        
        return true
-    elseif tonumber(cmdArguments[1]) == nil then
+    elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
        cmdClient = et.ClientNumberFromString(cmdArguments[1])
    else
        cmdClient = tonumber(cmdArguments[1])
--- a/luascripts/commands/admin/warn.lua
+++ b/luascripts/commands/admin/warn.lua
@ -25,7 +25,7 @@ function commandAddWarn(clientId, cmdArguments)
        return false
    elseif #cmdArguments < 2 then
        return false
-    elseif tonumber(cmdArguments[1]) == nil then
+    elseif tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
        cmdClient = et.ClientNumberFromString(cmdArguments[1])
    else
        cmdClient = tonumber(cmdArguments[1])
--- a/luascripts/commands/client/pm.lua
+++ b/luascripts/commands/client/pm.lua
@ -22,7 +22,7 @@ function commandPersonalMessage(clientId, cmdArguments)
    if #cmdArguments > 1 then
        local cmdClient
        
-        if tonumber(cmdArguments[1]) == nil then
+        if tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
            cmdClient = et.ClientNumberFromString(cmdArguments[1])
        else
            cmdClient = tonumber(cmdArguments[1])
--- a/luascripts/commands/commands.lua
+++ b/luascripts/commands/commands.lua
@ -127,7 +127,7 @@ function commands.log(clientId, command, cmdArguments)
    if cmdArguments[1] then
        local cmdClient
        
-        if tonumber(cmdArguments[1]) == nil then
+        if tonumber(cmdArguments[1]) == nil or tonumber(cmdArguments[1]) > tonumber(et.trap_Cvar_Get("sv_maxclients")) then
            cmdClient = et.ClientNumberFromString(cmdArguments[1])
        else
            cmdClient = tonumber(cmdArguments[1])