From 35114e454c10bad035253b8e8951643069f5b1d1 Mon Sep 17 00:00:00 2001 From: FutureRave Date: Wed, 26 Jan 2022 22:02:48 +0000 Subject: [PATCH] Stop more nonsense happening in the client module --- src/Components/Modules/ScriptExtension.cpp | 46 +++++++++++----------- 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/src/Components/Modules/ScriptExtension.cpp b/src/Components/Modules/ScriptExtension.cpp index 6365f1e6..60f84f67 100644 --- a/src/Components/Modules/ScriptExtension.cpp +++ b/src/Components/Modules/ScriptExtension.cpp @@ -2,19 +2,21 @@ namespace Components { + static const char* queryStrings[] = { R"(..)", R"(../)", R"(..\)" }; + void ScriptExtension::AddFunctions() { //File functions Script::AddFunction("FileWrite", [](Game::scr_entref_t) // gsc: FileWrite(, , ) { - const std::string path = Game::Scr_GetString(0); + const auto* path = Game::Scr_GetString(0); auto* text = Game::Scr_GetString(1); auto* mode = Game::Scr_GetString(2); - if (path.empty()) + if (path == nullptr) { - Game::Scr_ParamError(0, "^1FileWrite: filepath not defined!\n"); + Game::Scr_ParamError(0, "^1FileWrite: filepath is not defined!\n"); return; } @@ -24,10 +26,9 @@ namespace Components return; } - std::vector queryStrings = { R"(..)", R"(../)", R"(..\)" }; - for (auto i = 0u; i < queryStrings.size(); i++) + for (auto i = 0u; i < ARRAYSIZE(queryStrings); ++i) { - if (path.find(queryStrings[i]) != std::string::npos) + if (std::strstr(path, queryStrings[i]) != nullptr) { Logger::Print("^1FileWrite: directory traversal is not allowed!\n"); return; 
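Review bot: An empty path is no longer rejected in FileWrite, because `path == nullptr` replaces `path.empty()` and an empty string is a non-null pointer; the same guard appears in the FileRead, FileExists and FileRemove hunks. An empty string also passes the `std::strstr` loop, so it reaches the file call. I would keep both conditions, `if (path == nullptr || *path == '\0')`. `text` and `mode` are fetched with the same `Game::Scr_GetString` call, and the hunk does not show a null check for them; if the function can return null for `path`, it presumably can for those too. The FileWrite lambda continues past the end of this hunk.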
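Review bot: The traversal guard in FileWrite is still a substring denylist, and this hunk only changes how it is spelled (`std::strstr` over a static array). The `..` entry already matches everything the `../` and `..\` entries match. The list says nothing about rooted or drive-qualified paths, and it refuses harmless names that merely contain two dots. If the code after this hunk does not pin the path under a fixed directory (not visible here), I would resolve the request against that directory and check the result stays inside it, as sketched below. The sketch assumes `<filesystem>` is available to this file and is purely lexical, so it does not account for symlinks. The lambda begins before and ends after this hunk, and the same loop is repeated in the FileRead, FileExists and FileRemove hunks.

```cpp
// Sketch only: `root` stands for the directory these script file functions are
// meant to stay inside; it is not visible in this hunk.
static bool IsInsideRoot(const std::filesystem::path& root, const char* requested)
{
    const std::filesystem::path rel(requested);
    // Reject rooted or drive-qualified input before joining it onto root.
    if (rel.empty() || rel.has_root_name() || rel.has_root_directory()) return false;

    const auto base = root.lexically_normal();
    const auto fromBase = (base / rel).lexically_normal().lexically_relative(base);
    return !fromBase.empty() && *fromBase.begin() != "..";
}

// … unchanged: path and mode validation above …
if (!IsInsideRoot(root, path))
{
    Logger::Print("^1FileWrite: directory traversal is not allowed!\n");
    return;
}
```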
@@ -52,18 +53,17 @@ namespace Components Script::AddFunction("FileRead", [](Game::scr_entref_t) // gsc: FileRead() { - std::string path = Game::Scr_GetString(0); + const auto* path = Game::Scr_GetString(0); - if (path.empty()) + if (path == nullptr) { - Game::Scr_ParamError(0, "^1FileRead: filepath not defined!\n"); + Game::Scr_ParamError(0, "^1FileRead: filepath is not defined!\n"); return; } - std::vector queryStrings = { R"(..)", R"(../)", R"(..\)" }; - for (auto i = 0u; i < queryStrings.size(); i++) + for (auto i = 0u; i < ARRAYSIZE(queryStrings); ++i) { - if (path.find(queryStrings[i]) != std::string::npos) + if (std::strstr(path, queryStrings[i]) != nullptr) { Logger::Print("^1FileRead: directory traversal is not allowed!\n"); return; @@ -81,18 +81,17 @@ namespace Components Script::AddFunction("FileExists", [](Game::scr_entref_t) // gsc: FileExists() { - std::string path = Game::Scr_GetString(0); + const auto* path = Game::Scr_GetString(0); - if (path.empty()) + if (path == nullptr) { - Game::Scr_ParamError(0, "^1FileExists: filepath not defined!\n"); + Game::Scr_ParamError(0, "^1FileExists: filepath is not defined!\n"); return; } - std::vector queryStrings = { R"(..)", R"(../)", R"(..\)" }; - for (auto i = 0u; i < queryStrings.size(); i++) + for (auto i = 0u; i < ARRAYSIZE(queryStrings); ++i) { - if (path.find(queryStrings[i]) != std::string::npos) + if (std::strstr(path, queryStrings[i]) != nullptr) { Logger::Print("^1FileExists: directory traversal is not allowed!\n"); return; 
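Review bot: The null check and the traversal loop in FileRead are copied verbatim into FileWrite, FileExists and FileRemove, so any later tightening of the path validation has to be made four times and can silently miss one. Now that `queryStrings` is shared at namespace scope, the check itself could be shared too. A file-local helper taking the function name and the path and returning `bool` would let each lambda begin with a single call. Inside it the index loop reads more simply as `for (const auto* needle : queryStrings)` with `std::strstr(path, needle)`, which also drops the `ARRAYSIZE` macro. The lambda continues past the end of this hunk.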
@@ -104,18 +103,17 @@ namespace Components Script::AddFunction("FileRemove", [](Game::scr_entref_t) // gsc: FileRemove() { - std::string path = Game::Scr_GetString(0); + const auto* path = Game::Scr_GetString(0); - if (path.empty()) + if (path == nullptr) { - Game::Scr_ParamError(0, "^1FileRemove: filepath not defined!\n"); + Game::Scr_ParamError(0, "^1FileRemove: filepath is not defined!\n"); return; } - std::vector queryStrings = { R"(..)", R"(../)", R"(..\)" }; - for (auto i = 0u; i < queryStrings.size(); i++) + for (auto i = 0u; i < ARRAYSIZE(queryStrings); ++i) { - if (path.find(queryStrings[i]) != std::string::npos) + if (std::strstr(path, queryStrings[i]) != nullptr) { Logger::Print("^1fileRemove: directory traversal is not allowed!\n"); return;
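Review bot: The rejection message for FileRemove is logged as `^1fileRemove:` with a lowercase `f`, while every other message in this file, including the `Scr_ParamError` line this hunk rewrites, uses `^1FileRemove:`. Anyone filtering server logs for refused traversal attempts by function name will miss the one function that deletes files. Since the commit already touches the neighbouring strings, I would change the line to `Logger::Print("^1FileRemove: directory traversal is not allowed!\n");`. The lambda starts before the visible lines and runs past the end of this hunk.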