mirror of
https://github.com/DrBeef/ioq3quest.git
synced 2024-11-29 23:32:23 +00:00
Check for all command separators in callTeamVote
Make callTeamVote check for all command separators like in callVote. It's not exploitable as the only vote option (leader) always uses an integer argument. Also the ioquake3 engine remove command separators from client game commands in Cmd_Args_Sanitize().
This commit is contained in:
parent
0bce5463f7
commit
f0b74a27c9
1 changed files with 10 additions and 3 deletions
|
@ -1489,9 +1489,16 @@ void Cmd_CallTeamVote_f( gentity_t *ent ) {
|
||||||
trap_Argv( i, &arg2[strlen(arg2)], sizeof( arg2 ) - strlen(arg2) );
|
trap_Argv( i, &arg2[strlen(arg2)], sizeof( arg2 ) - strlen(arg2) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( strchr( arg1, ';' ) || strchr( arg2, ';' ) ) {
|
// check for command separators in arg2
|
||||||
|
for( c = arg2; *c; ++c) {
|
||||||
|
switch(*c) {
|
||||||
|
case '\n':
|
||||||
|
case '\r':
|
||||||
|
case ';':
|
||||||
trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string.\n\"" );
|
trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string.\n\"" );
|
||||||
return;
|
return;
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( !Q_stricmp( arg1, "leader" ) ) {
|
if ( !Q_stricmp( arg1, "leader" ) ) {
|
||||||
|
|
Loading…
Reference in a new issue