Check for valid favorite skin name, add CSkin::IsValidName

Favorite skin names were previously not escaped as intended when saving, as the variable `aNameEscaped` was unused so the original skin name was saved instead of the escaped one. Escaping is not really necessary, as skins should not contain `\` and `"` anyway and it was only possible to add such favorites through the console or config files. Instead of escaping the favorite skin names when saving, favorite skin names are now validated when they are added, so no escaping is necessary. Skin names are considered valid when they have a length of 1-23 bytes and don't contain the characters `/`, `\` and `"`.
Robert Müller 2023-12-22 21:53:31 +01:00
parent e26ae3ae99
commit 6fc3470a8d
2 changed files with 26 additions and 4 deletions


@ -430,7 +430,15 @@ void CMenus::Con_AddFavoriteSkin(IConsole::IResult *pResult, void *pUserData)
auto *pSelf = (CMenus *)pUserData; auto *pSelf = (CMenus *)pUserData;
if(pResult->NumArguments() >= 1) if(pResult->NumArguments() >= 1)
{ {
pSelf->m_SkinFavorites.emplace(pResult->GetString(0)); const char *pStr = pResult->GetString(0);
if(!CSkin::IsValidName(pStr))
{
char aError[IConsole::CMDLINE_LENGTH + 64];
str_format(aError, sizeof(aError), "Favorite skin name '%s' is not valid", pStr);
pSelf->Console()->Print(IConsole::OUTPUT_LEVEL_STANDARD, "menus/settings", aError);
return;
}
pSelf->m_SkinFavorites.emplace(pStr);
pSelf->m_SkinFavoritesChanged = true; pSelf->m_SkinFavoritesChanged = true;
} }
} }
@ -460,9 +468,6 @@ void CMenus::OnConfigSave(IConfigManager *pConfigManager)
for(const auto &Entry : m_SkinFavorites) for(const auto &Entry : m_SkinFavorites)
{ {
char aBuffer[256]; char aBuffer[256];
char aNameEscaped[256];
char *pDst = aNameEscaped;
str_escape(&pDst, Entry.c_str(), aNameEscaped + std::size(aNameEscaped));
str_format(aBuffer, std::size(aBuffer), "add_favorite_skin \"%s\"", Entry.c_str()); str_format(aBuffer, std::size(aBuffer), "add_favorite_skin \"%s\"", Entry.c_str());
pConfigManager->WriteLine(aBuffer); pConfigManager->WriteLine(aBuffer);
} }
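Review bot: With the escaping removed from OnConfigSave, the `add_favorite_skin \"%s\"` line is only well-formed if every entry in m_SkinFavorites has passed CSkin::IsValidName, and this section enforces that only in Con_AddFavoriteSkin. If any other code inserts into the set (none is visible in these hunks, so this needs checking), a name containing `"` would be written verbatim and would end the quoted argument early when the config is read back. A guard at the write site keeps the invariant local: `if(!CSkin::IsValidName(Entry.c_str())) continue;` as the first statement of the loop body. OnConfigSave starts and ends outside the hunk.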


@ -142,6 +142,23 @@ public:
CSkin &operator=(CSkin &&) = default; CSkin &operator=(CSkin &&) = default;
const char *GetName() const { return m_aName; } const char *GetName() const { return m_aName; }
static bool IsValidName(const char *pName)
{
if(pName[0] == '\0' || str_length(pName) >= (int)sizeof(CSkin("").m_aName))
{
return false;
}
for(int i = 0; pName[i] != '\0'; ++i)
{
if(pName[i] == '"' || pName[i] == '/' || pName[i] == '\\')
{
return false;
}
}
return true;
}
}; };
#endif #endif
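Review bot: IsValidName rejects `"`, `/` and `\` but lets control bytes through, and because favorite names are now written to the line-based config without escaping, this function is the only gate in front of that write. Whether a `\n` or `\r` can actually reach it depends on the console parser, which is not visible here; rejecting them costs one more condition in the loop, `|| (unsigned char)pName[i] < 32`. The function also reads `pName[0]` without a null check and carries no comment stating the rule, so I would add `// Valid names are non-empty, shorter than sizeof(m_aName), and contain none of / \ "; pName must not be null` above it. The class body starts outside the hunk.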