From 47735c273c96e582f6e9bceee223270ad2a99236 Mon Sep 17 00:00:00 2001
From: SmallJoker <SmallJoker@users.noreply.github.com>
Date: Thu, 27 Jan 2022 22:23:14 +0100
Subject: Builtin: Sanity-check /time inputs (#11993)

This enforces the documented bounds for the /time command.
---
 builtin/game/chat.lua | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'builtin')

diff --git a/builtin/game/chat.lua b/builtin/game/chat.lua
index 99296f782..0f5739d5c 100644
--- a/builtin/game/chat.lua
+++ b/builtin/game/chat.lua
@@ -1034,12 +1034,11 @@ core.register_chatcommand("time", {
 		end
 		local hour, minute = param:match("^(%d+):(%d+)$")
 		if not hour then
-			local new_time = tonumber(param)
-			if not new_time then
-				return false, S("Invalid time.")
+			local new_time = tonumber(param) or -1
+			if new_time ~= new_time or new_time < 0 or new_time > 24000 then
+				return false, S("Invalid time (must be between 0 and 24000).")
 			end
-			-- Backward compatibility.
-			core.set_timeofday((new_time % 24000) / 24000)
+			core.set_timeofday(new_time / 24000)
 			core.log("action", name .. " sets time to " .. new_time)
 			return true, S("Time of day changed.")
 		end
-- 
cgit v1.2.3