From 88c28414f4a88c8d66f9cadb150896f9e25527ae Mon Sep 17 00:00:00 2001
From: kwolekr
Date: Tue, 9 Dec 2014 23:52:13 -0500
Subject: [PATCH] Settings: Sanitize setting name everywhere, not just LuaSettings
---
 src/script/lua_api/l_settings.cpp | 2 +-
 src/settings.cpp | 18 +++++++-----------
 src/settings.h | 2 +-
 src/test.cpp | 4 +++-
 4 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/src/script/lua_api/l_settings.cpp b/src/script/lua_api/l_settings.cpp
index c2c6f009d..13a88ee95 100644
--- a/src/script/lua_api/l_settings.cpp
+++ b/src/script/lua_api/l_settings.cpp
@@ -73,7 +73,7 @@ int LuaSettings::l_set(lua_State* L)
 std::string key = std::string(luaL_checkstring(L, 2));
 const char* value = luaL_checkstring(L, 3);
- o->m_settings->set(Settings::sanitizeString(key), value);
+ o->m_settings->set(key, value);
 return 1;
 }
diff --git a/src/settings.cpp b/src/settings.cpp
index 487b3da78..aec4b8f65 100644
--- a/src/settings.cpp
+++ b/src/settings.cpp
@@ -63,16 +63,6 @@ Settings & Settings::operator = (const Settings &other)
 }
-std::string Settings::sanitizeString(const std::string &value)
-{
- std::string str = value;
- for (const char *s = "\t\n\v\f\r\b =\""; *s; s++)
- str.erase(std::remove(str.begin(), str.end(), *s), str.end());
-
- return str;
-}
-
-
 std::string Settings::getMultiline(std::istream &is, size_t *num_lines)
 {
 size_t lines = 1;
@@ -689,10 +679,16 @@ void Settings::setEntry(const std::string &name, const void *data,
 {
 Settings *old_group = NULL;
+ // Strip any potentially dangerous characters from the name (note the value
+ // has no such restrictions)
+ std::string n(name);
+ for (const char *s = "\t\n\v\f\r\b =\""; *s; s++)
+ n.erase(std::remove(n.begin(), n.end(), *s), n.end());
+
 {
 JMutexAutoLock lock(m_mutex);
- SettingsEntry &entry = set_default ? m_defaults[name] : m_settings[name];
+ SettingsEntry &entry = set_default ? m_defaults[n] : m_settings[n];
 old_group = entry.group;
 entry.value = set_group ? "" : *(const std::string *)data;
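Review bot: The stripping added at the top of `setEntry` rewrites the key silently, so two distinct names can land on the same entry (`"a b"` and `"ab"`) and a name made only of stripped characters becomes the empty key `""`, which `m_settings[n]` then creates. With the `l_settings.cpp` hunk above now passing the script-supplied key through unchanged, this loop is the only check on names coming from Lua, and an overwrite of an unrelated setting gives no signal. Only the write path is normalised here; the lookup and removal functions are not on this page, and if they index with the caller's string, a value stored under a stripped name is not found under the name it was set with. I would keep the loop in one private helper used by both paths, and refuse or at least log the rewrite, for example `if (n.empty()) return;` after the loop (minding ownership of the group pointer when `set_group` is true). `setEntry` continues past the end of the hunk.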
diff --git a/src/settings.h b/src/settings.h index 7241877bd..cf27f2620 100644 --- a/src/settings.h +++ b/src/settings.h @@ -55,6 +55,7 @@ struct ValueSpec { type = a_type; help = a_help; } + ValueType type; const char *help; }; @@ -112,7 +113,6 @@ public: const std::string &end, u32 tab_depth=0); static std::string getMultiline(std::istream &is, size_t *num_lines=NULL); - static std::string sanitizeString(const std::string &value); static void printEntry(std::ostream &os, const std::string &name, const SettingsEntry &entry, u32 tab_depth=0); diff --git a/src/test.cpp b/src/test.cpp index 63d8219a9..adae8ff57 100644 --- a/src/test.cpp +++ b/src/test.cpp @@ -531,7 +531,9 @@ struct TestSettings: public TestBase group2->setS16("num_oranges", 53); group2->setGroup("animals", group3); group2->set("animals", "cute"); //destroys group 3 - s.setGroup("groupy_thing", group2); + + // the bad chars in here should be stripped + s.setGroup("groupy \"_\" thing", group2); // Test multiline settings UASSERT(group->get("ccc") == "testy\n testa ");
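Review bot: The new `s.setGroup("groupy \"_\" thing", group2)` call in `src/test.cpp` depends on the name being stripped, but nothing in this hunk asserts the resulting key, so the behaviour is only covered if a later comparison outside the hunk happens to include it. An explicit check directly after the call, such as `UASSERT(s.exists("groupy_thing"));`, would pin it down. The two edge cases the stripping creates deserve a case each: a name that strips to the empty string, and two different names that strip to the same key. The enclosing `TestSettings` method starts and ends outside the hunk.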