diff options
author | kwolekr <kwolekr@minetest.net> | 2014-12-11 23:25:42 -0500 |
---|---|---|
committer | kwolekr <kwolekr@minetest.net> | 2014-12-11 23:26:13 -0500 |
commit | b0c4fd6d3f1c8e44896358ee9b0af20e9b304944 (patch) | |
tree | c7cd88516cd20368fa4478e2effc950fd121c336 | |
parent | f114fc74d621a7cfb1e63b5405fddb0208ee71d2 (diff) | |
download | minetest-b0c4fd6d3f1c8e44896358ee9b0af20e9b304944.tar.gz minetest-b0c4fd6d3f1c8e44896358ee9b0af20e9b304944.tar.bz2 minetest-b0c4fd6d3f1c8e44896358ee9b0af20e9b304944.zip |
Settings: Sanitize value for multiline terminator tokens
-rw-r--r-- | src/settings.cpp | 34 | ||||
-rw-r--r-- | src/settings.h | 2 |
2 files changed, 30 insertions, 6 deletions
diff --git a/src/settings.cpp b/src/settings.cpp index d1a257607..8d2e9fa6c 100644 --- a/src/settings.cpp +++ b/src/settings.cpp @@ -63,6 +63,32 @@ Settings & Settings::operator = (const Settings &other) } +std::string Settings::sanitizeName(const std::string &name) +{ + std::string n(name); + + for (const char *s = "\t\n\v\f\r\b =\"{}#"; *s; s++) + n.erase(std::remove(n.begin(), n.end(), *s), n.end()); + + return n; +} + + +std::string Settings::sanitizeValue(const std::string &value) +{ + std::string v(value); + size_t p = 0; + + if (v.substr(0, 3) == "\"\"\"") + v.erase(0, 3); + + while ((p = v.find("\n\"\"\"")) != std::string::npos) + v.erase(p, 4); + + return v; +} + + std::string Settings::getMultiline(std::istream &is, size_t *num_lines) { size_t lines = 1; @@ -683,11 +709,7 @@ void Settings::setEntry(const std::string &name, const void *data, { Settings *old_group = NULL; - // Strip any potentially dangerous characters from the name (note the value - // has no such restrictions) - std::string n(name); - for (const char *s = "\t\n\v\f\r\b =\""; *s; s++) - n.erase(std::remove(n.begin(), n.end(), *s), n.end()); + std::string n = sanitizeName(name); { JMutexAutoLock lock(m_mutex); @@ -695,7 +717,7 @@ void Settings::setEntry(const std::string &name, const void *data, SettingsEntry &entry = set_default ? m_defaults[n] : m_settings[n]; old_group = entry.group; - entry.value = set_group ? "" : *(const std::string *)data; + entry.value = set_group ? "" : sanitizeValue(*(const std::string *)data); entry.group = set_group ? *(Settings **)data : NULL; entry.is_group = set_group; } diff --git a/src/settings.h b/src/settings.h index cf27f2620..ba7e9c144 100644 --- a/src/settings.h +++ b/src/settings.h @@ -112,6 +112,8 @@ public: bool updateConfigObject(std::istream &is, std::ostream &os, const std::string &end, u32 tab_depth=0); + static std::string sanitizeName(const std::string &name); + static std::string sanitizeValue(const std::string &value); static std::string getMultiline(std::istream &is, size_t *num_lines=NULL); static void printEntry(std::ostream &os, const std::string &name, const SettingsEntry &entry, u32 tab_depth=0); |