aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorkwolekr <kwolekr@minetest.net>2014-12-11 23:25:42 -0500
committerkwolekr <kwolekr@minetest.net>2014-12-11 23:26:13 -0500
commitb0c4fd6d3f1c8e44896358ee9b0af20e9b304944 (patch)
treec7cd88516cd20368fa4478e2effc950fd121c336
parentf114fc74d621a7cfb1e63b5405fddb0208ee71d2 (diff)
downloadminetest-b0c4fd6d3f1c8e44896358ee9b0af20e9b304944.tar.gz
minetest-b0c4fd6d3f1c8e44896358ee9b0af20e9b304944.tar.bz2
minetest-b0c4fd6d3f1c8e44896358ee9b0af20e9b304944.zip
Settings: Sanitize value for multiline terminator tokens
-rw-r--r--src/settings.cpp34
-rw-r--r--src/settings.h2
2 files changed, 30 insertions, 6 deletions
diff --git a/src/settings.cpp b/src/settings.cpp
index d1a257607..8d2e9fa6c 100644
--- a/src/settings.cpp
+++ b/src/settings.cpp
@@ -63,6 +63,32 @@ Settings & Settings::operator = (const Settings &other)
}
+std::string Settings::sanitizeName(const std::string &name)
+{
+ std::string n(name);
+
+ for (const char *s = "\t\n\v\f\r\b =\"{}#"; *s; s++)
+ n.erase(std::remove(n.begin(), n.end(), *s), n.end());
+
+ return n;
+}
+
+
+std::string Settings::sanitizeValue(const std::string &value)
+{
+ std::string v(value);
+ size_t p = 0;
+
+ if (v.substr(0, 3) == "\"\"\"")
+ v.erase(0, 3);
+
+ while ((p = v.find("\n\"\"\"")) != std::string::npos)
+ v.erase(p, 4);
+
+ return v;
+}
+
+
std::string Settings::getMultiline(std::istream &is, size_t *num_lines)
{
size_t lines = 1;
@@ -683,11 +709,7 @@ void Settings::setEntry(const std::string &name, const void *data,
{
Settings *old_group = NULL;
- // Strip any potentially dangerous characters from the name (note the value
- // has no such restrictions)
- std::string n(name);
- for (const char *s = "\t\n\v\f\r\b =\""; *s; s++)
- n.erase(std::remove(n.begin(), n.end(), *s), n.end());
+ std::string n = sanitizeName(name);
{
JMutexAutoLock lock(m_mutex);
@@ -695,7 +717,7 @@ void Settings::setEntry(const std::string &name, const void *data,
SettingsEntry &entry = set_default ? m_defaults[n] : m_settings[n];
old_group = entry.group;
- entry.value = set_group ? "" : *(const std::string *)data;
+ entry.value = set_group ? "" : sanitizeValue(*(const std::string *)data);
entry.group = set_group ? *(Settings **)data : NULL;
entry.is_group = set_group;
}
diff --git a/src/settings.h b/src/settings.h
index cf27f2620..ba7e9c144 100644
--- a/src/settings.h
+++ b/src/settings.h
@@ -112,6 +112,8 @@ public:
bool updateConfigObject(std::istream &is, std::ostream &os,
const std::string &end, u32 tab_depth=0);
+ static std::string sanitizeName(const std::string &name);
+ static std::string sanitizeValue(const std::string &value);
static std::string getMultiline(std::istream &is, size_t *num_lines=NULL);
static void printEntry(std::ostream &os, const std::string &name,
const SettingsEntry &entry, u32 tab_depth=0);