- changed all places which used a localized string as a format template for printf, String.Format et.al.

Passing something non-constant at compile time here is extremely dangerous, especially when users can replace those strings if they like.
It now uses FString::Substitute in all cases where something needs to be inserted into a template string.
This commit is contained in:
Christoph Oelckers 2019-02-20 20:20:06 +01:00
parent 15eb57e00d
commit 6a742f8d34
3 changed files with 14 additions and 9 deletions

View file

@ -191,8 +191,8 @@ CCMD (quicksave)
S_Sound(CHAN_VOICE | CHAN_UI, "menu/activate", snd_menuvolume, ATTN_NONE);
FString tempstring;
tempstring.Format(GStrings("QSPROMPT"), savegameManager.quickSaveSlot->SaveTitle.GetChars());
FString tempstring = GStrings("QSPROMPT");
tempstring.Substitute("%s", savegameManager.quickSaveSlot->SaveTitle.GetChars());
DMenu *newmenu = CreateMessageBoxMenu(CurrentMenu, tempstring, 0, false, NAME_None, []()
{
@ -234,8 +234,8 @@ CCMD (quickload)
G_LoadGame(savegameManager.quickSaveSlot->Filename.GetChars());
return;
}
FString tempstring;
tempstring.Format(GStrings("QLPROMPT"), savegameManager.quickSaveSlot->SaveTitle.GetChars());
FString tempstring = GStrings("QLPROMPT");
tempstring.Substitute("%s", savegameManager.quickSaveSlot->SaveTitle.GetChars());
M_StartControlPanel(true);

View file

@ -137,8 +137,12 @@ class ConversationMenu : Menu
mShowGold |= reply.NeedsGold;
let ReplyText = Stringtable.Localize(reply.Reply);
if (reply.NeedsGold) ReplyText.AppendFormat(Stringtable.Localize("$TXT_TRADE"), reply.PrintAmount);
if (reply.NeedsGold)
{
let trade = Stringtable.Localize("$TXT_TRADE");
let amount = String.Format("%u", reply.PrintAmount);
trade.Replace("%u", amount);
}
let ReplyLines = SmallFont.BreakLines (ReplyText, ReplyWidth);
mResponses.Push(mResponseLines.Size());

View file

@ -583,11 +583,12 @@ class GLTextureGLOptions : OptionMenu
{
int multiplier = gl_texture_hqresizemult * gl_texture_hqresizemult;
string localized = StringTable.Localize("$GLTEXMNU_HQRESIZEWARN");
message = String.Format(localized, multiplier);
message = StringTable.Localize("$GLTEXMNU_HQRESIZEWARN");
string mult = String.Format("%d", multiplier);
message.Replace("%d", mult);
}
mDesc.mItems[mWarningIndex].mLabel = message;
mDesc.mItems[mWarningIndex].mLabel = Font.TEXTCOLOR_CYAN .. message;
}
}
}