From 4b6bff46e14c6215828da5ca9ad2cb79aa517a6e Mon Sep 17 00:00:00 2001 From: ANAND Date: Tue, 26 Nov 2019 00:33:34 +0530 Subject: Use a safer implementation of gsub in core.chat_format_message (#9133) This search-and-replace implementation does not use Lua pattern-matching --- builtin/game/chat.lua | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/builtin/game/chat.lua b/builtin/game/chat.lua index 37d12c458..291e72b70 100644 --- a/builtin/game/chat.lua +++ b/builtin/game/chat.lua @@ -1,27 +1,41 @@ -- Minetest: builtin/game/chat.lua +-- Helper function that implements search and replace without pattern matching +-- Returns the string and a boolean indicating whether or not the string was modified +local function safe_gsub(s, replace, with) + local i1, i2 = s:find(replace, 1, true) + if not i1 then + return s, false + end + + return s:sub(1, i1 - 1) .. with .. s:sub(i2 + 1), true +end + -- -- Chat message formatter -- -- Implemented in Lua to allow redefinition function core.format_chat_message(name, message) - local str = core.settings:get("chat_message_format") local error_str = "Invalid chat message format - missing %s" - local i + local str = core.settings:get("chat_message_format") + local replaced - str, i = str:gsub("@name", name, 1) - if i == 0 then + -- Name + str, replaced = safe_gsub(str, "@name", name) + if not replaced then error(error_str:format("@name"), 2) end - str, i = str:gsub("@message", message, 1) - if i == 0 then + -- Timestamp + str = safe_gsub(str, "@timestamp", os.date("%H:%M:%S", os.time())) + + -- Insert the message into the string only after finishing all other processing + str, replaced = safe_gsub(str, "@message", message) + if not replaced then error(error_str:format("@message"), 2) end - str = str:gsub("@timestamp", os.date("%H:%M:%S", os.time()), 1) - return str end -- cgit v1.2.3