Validate & sanitize formspec fields (#3022)

2025-06-29 21:30:26 +02:00 · 2023-04-08 18:13:45 +02:00
parent 4c6e19968a
commit 833ed77620
4 changed files with 16 additions and 9 deletions
--- a/mods/default/nodes.lua
+++ b/mods/default/nodes.lua
@ -2597,12 +2597,12 @@ local function register_sign(material, desc, def)
 			if not text then
 				return
 			end
-			if string.len(text) > 512 then
+			if #text > 512 then
 				minetest.chat_send_player(player_name, S("Text too long"))
 				return
 			end
-			default.log_player_action(sender, "wrote \"" .. text ..
-				"\" to the sign at", pos)
+			text = text:gsub("[%z-\8\11-\31\127]", "") -- strip naughty control characters (keeps \t and \n)
+			default.log_player_action(sender, ("wrote %q to the sign at"):format(text), pos)
 			local meta = minetest.get_meta(pos)
 			meta:set_string("text", text)