fte/fteqw
2
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity

added some other files to the list of 'don't allow stuffed download commands'

Browse source 
git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@533 fc73d0e0-1445-4013-8a0c-d673dee63da5
This commit is contained in:
Spoike 2004-11-26 06:05:18 +00:00
parent db4c8fadc5
commit 5c5d74c562
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
engine/client/cl_main.c
View file

@ -1917,7 +1917,7 @@ void CL_Download_f (void)
if (Cmd_FromServer()) //mark server specified downloads. if (Cmd_FromServer()) //mark server specified downloads.
{ {
if (!strncmp(url, "game", 4) || !strcmp(url, "progs.dat") || !strcmp(url, "qwprogs.dat") || strstr(url, "..")) if (!strncmp(url, "game", 4) || !strcmp(url, "progs.dat") || !strcmp(url, "menu.dat") || !strcmp(url, "csqc.dat") || !strcmp(url, "qwprogs.dat") || strstr(url, "..") || strstr(url, ".dll") || strstr(url, ".so"))
{ //yes, I know the user can use a different progs from the one that is specified. If you leave it blank there will be no problem. (server isn't allowed to stuff progs cvar) { //yes, I know the user can use a different progs from the one that is specified. If you leave it blank there will be no problem. (server isn't allowed to stuff progs cvar)
Con_Printf("Ignoring stuffed download of \"%s\" due to possible security risk\n", url); Con_Printf("Ignoring stuffed download of \"%s\" due to possible security risk\n", url);
return; return;