eukara
/
fteqw
forked from fte/fteqw
1
0
Fork 0
Code Pull Requests Activity

added some other files to the list of 'don't allow stuffed download commands' 

git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@533 fc73d0e0-1445-4013-8a0c-d673dee63da5
This commit is contained in:
Spoike 2004-11-26 06:05:18 +00:00
parent db4c8fadc5
commit 5c5d74c562
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
engine/client/cl_main.c
View File

@ -1917,7 +1917,7 @@ void CL_Download_f (void)
if (Cmd_FromServer()) //mark server specified downloads.
{
if (!strncmp(url, "game", 4) || !strcmp(url, "progs.dat") || !strcmp(url, "qwprogs.dat") || strstr(url, ".."))
if (!strncmp(url, "game", 4) || !strcmp(url, "progs.dat") || !strcmp(url, "menu.dat") || !strcmp(url, "csqc.dat") || !strcmp(url, "qwprogs.dat") || strstr(url, "..") || strstr(url, ".dll") || strstr(url, ".so"))
{ //yes, I know the user can use a different progs from the one that is specified. If you leave it blank there will be no problem. (server isn't allowed to stuff progs cvar)
Con_Printf("Ignoring stuffed download of \"%s\" due to possible security risk\n", url);
return;