diff --git a/src/client/cl_download.c b/src/client/cl_download.c index 29843e0e..e43923c2 100644 --- a/src/client/cl_download.c +++ b/src/client/cl_download.c @@ -555,7 +555,7 @@ CL_DownloadFilter(const char *filename) return true; } - if (strstr(filename, "..") || strstr(filename, ":") || (*filename == '.') || (*filename == '/')) + if (strstr(filename, "..") || strchr(filename, ':') || (*filename == '.') || (*filename == '/')) { Com_Printf("Refusing to download a path containing '..' or ':' or starting with '.' or '/': %s\n", filename); return true; diff --git a/src/client/sound/qal.c b/src/client/sound/qal.c index da8cb16c..02a074e0 100644 --- a/src/client/sound/qal.c +++ b/src/client/sound/qal.c @@ -406,7 +406,7 @@ QAL_Init() /* DEFAULT_OPENAL_DRIVER is defined at compile time via the compiler */ al_driver = Cvar_Get("al_driver", DEFAULT_OPENAL_DRIVER, CVAR_ARCHIVE); - if (strstr(al_driver->string, "..") || strstr(al_driver->string, ":") || strstr(al_driver->string, "/") || strstr(al_driver->string, "\\")) + if (strstr(al_driver->string, "..") || strchr(al_driver->string, ':') || strchr(al_driver->string, '/') || strchr(al_driver->string, '\\')) { Com_Printf("al_driver must not contain '..', ':', '/' or '\': %s\n", al_driver->string); return false;