From f77ba14948e4d405b8e5fffe6412b6f3828420d8 Mon Sep 17 00:00:00 2001
From: Rachael Alexanderson
Date: Thu, 14 Dec 2017 15:51:24 -0500
Subject: [PATCH] - use a whitelist for DoCommand zscript command
---
 src/c_dispatch.cpp | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/c_dispatch.cpp b/src/c_dispatch.cpp
index 996872a66..4e3f027f0 100644
--- a/src/c_dispatch.cpp
+++ b/src/c_dispatch.cpp
@@ -664,13 +664,29 @@ void C_DoCommand (const char *cmd, int keynum)
 }
 }
+#define ZS_SAFE_COMMAND(ccmd) if (stricmp(cmd, #ccmd) == 0) return true;
+
+bool C_ZSIsSafe(FString cmd)
+{
+ ZS_SAFE_COMMAND(snd_reset)
+ ZS_SAFE_COMMAND(reset2defaults)
+ ZS_SAFE_COMMAND(menuconsole)
+ ZS_SAFE_COMMAND(clearnodecache)
+ ZS_SAFE_COMMAND(am_restorecolors)
+
+ return false;
+}
+
 // This is only accessible to the special menu item to run CCMDs.
 DEFINE_ACTION_FUNCTION(DOptionMenuItemCommand, DoCommand)
 {
 if (CurrentMenu == nullptr) return 0;
 PARAM_PROLOGUE;
 PARAM_STRING(cmd);
- C_DoCommand(cmd);
+ if (C_ZSIsSafe(cmd))
+ C_DoCommand(cmd);
+ else
+ Printf("Script attempted to call unsafe command '%s'\n", cmd);
 return 0;
 }
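Review bot: The allowlist in `C_ZSIsSafe` is only as strict as it looks because `stricmp` compares the entire string, so a script-supplied value carrying arguments or any extra text fails closed; nothing in the hunk records that, and a later change to prefix matching would quietly widen what scripts can run. I would put a comment above the function such as `// Exact, case-insensitive match on the whole string: anything beyond the bare command name is rejected on purpose.` and add `#undef ZS_SAFE_COMMAND` after the closing brace so the macro, with its hidden `return`, does not leak into the rest of the file. The parameter can be `const char *cmd`, since `C_DoCommand` already takes that type and the by-value `FString` only adds a copy per call. In the `else` branch `cmd` is passed through varargs for `%s`; if `PARAM_STRING` declares it as an `FString` (the macro is outside the hunk), `cmd.GetChars()` is the safer spelling.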