luanti-org/minetest_game
1
0
Fork 2
mirror of https://github.com/luanti-org/minetest_game.git synced 2025-10-31 15:45:21 +01:00
Code Activity

Validate & sanitize formspec fields

Browse Source
This commit is contained in:
Lars Mueller
2023-03-30 21:11:59 +02:00
parent 8eb4437ac8
commit 8ccce750c6
4 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
mods/creative/inventory.lua
View File

@@ -191,10 +191,13 @@ function creative.register_tab(name, title, items)
inv.start_i = 0 inv.start_i = 0
inv.filter = "" inv.filter = ""
sfinv.set_player_inventory_formspec(player, context) sfinv.set_player_inventory_formspec(player, context)
elseif fields.creative_search or elseif (fields.creative_search or
fields.key_enter_field == "creative_filter" then fields.key_enter_field == "creative_filter")
and fields.creative_filter then
inv.start_i = 0 inv.start_i = 0
inv.filter = fields.creative_filter:lower() inv.filter = fields.creative_filter:sub(1, 1e3) -- truncate to a sane length
:gsub("[%z-\8\11-\31\127]", "") -- strip naughty control characters (keeps \t and \n)
:lower() -- search is case insensitive
sfinv.set_player_inventory_formspec(player, context) sfinv.set_player_inventory_formspec(player, context)
elseif not fields.quit then elseif not fields.quit then
local start_i = inv.start_i or 0 local start_i = inv.start_i or 0

3
mods/default/craftitems.lua
View File

@@ -148,7 +148,7 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
return return
end end
if fields.close then if fields.quit then
book_writers[player_name] = nil book_writers[player_name] = nil
end end
@@ -179,6 +179,7 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
data.description = S("\"@1\" by @2", short_title, data.owner) data.description = S("\"@1\" by @2", short_title, data.owner)
data.text = fields.text:sub(1, max_text_size) data.text = fields.text:sub(1, max_text_size)
data.text = data.text:gsub("\r\n", "\n"):gsub("\r", "\n") data.text = data.text:gsub("\r\n", "\n"):gsub("\r", "\n")
data.text = data.text:gsub("[%z-\8\11-\31\127]", "") -- strip naughty control characters (keeps \t and \n)
data.page = 1 data.page = 1
data.page_max = math.ceil((#data.text:gsub("[^\n]", "") + 1) / lpp) data.page_max = math.ceil((#data.text:gsub("[^\n]", "") + 1) / lpp)

6
mods/default/nodes.lua
View File

@@ -2597,12 +2597,12 @@ local function register_sign(material, desc, def)
if not text then if not text then
return return
end end
if string.len(text) > 512 then if #text > 512 then
minetest.chat_send_player(player_name, S("Text too long")) minetest.chat_send_player(player_name, S("Text too long"))
return return
end end
default.log_player_action(sender, "wrote \"" .. text .. text = text:gsub("[%z-\8\11-\31\127]", "") -- strip naughty control characters (keeps \t and \n)
"\" to the sign at", pos) default.log_player_action(sender, ("wrote %q to the sign at"):format(text), pos)
local meta = minetest.get_meta(pos) local meta = minetest.get_meta(pos)
meta:set_string("text", text) meta:set_string("text", text)

7
mods/mtg_craftguide/init.lua
View File

@@ -345,8 +345,11 @@ local function on_receive_fields(player, fields)
data.items = init_items data.items = init_items
return true return true
elseif fields.key_enter_field == "filter" or fields.search then elseif (fields.key_enter_field == "filter" or fields.search)
local new = fields.filter:lower() and fields.filter then
local new = fields.filter:sub(1, 1e3) -- truncate to a sane length
:gsub("[%z-\8\11-\31\127]", "") -- strip naughty control characters (keeps \t and \n)
:lower() -- search is case insensitive
if data.filter == new then if data.filter == new then
return return
end end