From 5c5d74c562d8d26875cd3ba9ec7b214b14c7c4cc Mon Sep 17 00:00:00 2001 From: Spoike Date: Fri, 26 Nov 2004 06:05:18 +0000 Subject: [PATCH] added some other files to the list of 'don't allow stuffed download commands' git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@533 fc73d0e0-1445-4013-8a0c-d673dee63da5 --- engine/client/cl_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/client/cl_main.c b/engine/client/cl_main.c index 154e1d074..d82c8d271 100644 --- a/engine/client/cl_main.c +++ b/engine/client/cl_main.c @@ -1917,7 +1917,7 @@ void CL_Download_f (void) if (Cmd_FromServer()) //mark server specified downloads. { - if (!strncmp(url, "game", 4) || !strcmp(url, "progs.dat") || !strcmp(url, "qwprogs.dat") || strstr(url, "..")) + if (!strncmp(url, "game", 4) || !strcmp(url, "progs.dat") || !strcmp(url, "menu.dat") || !strcmp(url, "csqc.dat") || !strcmp(url, "qwprogs.dat") || strstr(url, "..") || strstr(url, ".dll") || strstr(url, ".so")) { //yes, I know the user can use a different progs from the one that is specified. If you leave it blank there will be no problem. (server isn't allowed to stuff progs cvar) Con_Printf("Ignoring stuffed download of \"%s\" due to possible security risk\n", url); return;