added some other files to the list of 'don't allow stuffed download commands'

git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@533 fc73d0e0-1445-4013-8a0c-d673dee63da5
This commit is contained in:
Spoike 2004-11-26 06:05:18 +00:00
parent db4c8fadc5
commit 5c5d74c562

View file

@ -1917,7 +1917,7 @@ void CL_Download_f (void)
if (Cmd_FromServer()) //mark server specified downloads.
{
if (!strncmp(url, "game", 4) || !strcmp(url, "progs.dat") || !strcmp(url, "qwprogs.dat") || strstr(url, ".."))
if (!strncmp(url, "game", 4) || !strcmp(url, "progs.dat") || !strcmp(url, "menu.dat") || !strcmp(url, "csqc.dat") || !strcmp(url, "qwprogs.dat") || strstr(url, "..") || strstr(url, ".dll") || strstr(url, ".so"))
{ //yes, I know the user can use a different progs from the one that is specified. If you leave it blank there will be no problem. (server isn't allowed to stuff progs cvar)
Con_Printf("Ignoring stuffed download of \"%s\" due to possible security risk\n", url);
return;