Validate & sanitize formspec fields (#3022)
parent
4c6e19968a
commit
833ed77620
@ -192,10 +192,13 @@ function creative.register_tab(name, title, items)
|
|||||||
inv.start_i = 0
|
inv.start_i = 0
|
||||||
inv.filter = ""
|
inv.filter = ""
|
||||||
sfinv.set_player_inventory_formspec(player, context)
|
sfinv.set_player_inventory_formspec(player, context)
|
||||||
elseif fields.creative_search or
|
elseif (fields.creative_search or
|
||||||
fields.key_enter_field == "creative_filter" then
|
fields.key_enter_field == "creative_filter")
|
||||||
|
and fields.creative_filter then
|
||||||
inv.start_i = 0
|
inv.start_i = 0
|
||||||
inv.filter = fields.creative_filter:lower()
|
inv.filter = fields.creative_filter:sub(1, 128) -- truncate to a sane length
|
||||||
|
:gsub("[%z\1-\8\11-\31\127]", "") -- strip naughty control characters (keeps \t and \n)
|
||||||
|
:lower() -- search is case insensitive
|
||||||
sfinv.set_player_inventory_formspec(player, context)
|
sfinv.set_player_inventory_formspec(player, context)
|
||||||
elseif not fields.quit then
|
elseif not fields.quit then
|
||||||
local start_i = inv.start_i or 0
|
local start_i = inv.start_i or 0
|
||||||
|
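Review bot: `fields.creative_filter:sub(1, 128)` cuts at 128 bytes rather than 128 characters, so a filter containing multi-byte UTF-8 can end in a partial sequence that is then stored in `inv.filter`; the same chain is applied to `fields.filter` in the `on_receive_fields` hunk. If the stored filter is echoed back into the formspec (not visible here), either drop a trailing incomplete sequence after the cut or state the unit in the comment, e.g. `-- truncate to 128 bytes (may split a UTF-8 sequence)`. The `:lower()` step is also byte-wise, so only ASCII letters are folded for the case-insensitive search. The enclosing handler starts and ends outside the hunk.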
@ -148,7 +148,7 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
|
|||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
if fields.close then
|
if fields.quit then
|
||||||
book_writers[player_name] = nil
|
book_writers[player_name] = nil
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -179,6 +179,7 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
|
|||||||
data.description = S("\"@1\" by @2", short_title, data.owner)
|
data.description = S("\"@1\" by @2", short_title, data.owner)
|
||||||
data.text = fields.text:sub(1, max_text_size)
|
data.text = fields.text:sub(1, max_text_size)
|
||||||
data.text = data.text:gsub("\r\n", "\n"):gsub("\r", "\n")
|
data.text = data.text:gsub("\r\n", "\n"):gsub("\r", "\n")
|
||||||
|
data.text = data.text:gsub("[%z\1-\8\11-\31\127]", "") -- strip naughty control characters (keeps \t and \n)
|
||||||
data.page = 1
|
data.page = 1
|
||||||
data.page_max = math.ceil((#data.text:gsub("[^\n]", "") + 1) / lpp)
|
data.page_max = math.ceil((#data.text:gsub("[^\n]", "") + 1) / lpp)
|
||||||
|
|
||||||
|
@ -2597,12 +2597,12 @@ local function register_sign(material, desc, def)
|
|||||||
if not text then
|
if not text then
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
if string.len(text) > 512 then
|
if #text > 512 then
|
||||||
minetest.chat_send_player(player_name, S("Text too long"))
|
minetest.chat_send_player(player_name, S("Text too long"))
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
default.log_player_action(sender, "wrote \"" .. text ..
|
text = text:gsub("[%z-\8\11-\31\127]", "") -- strip naughty control characters (keeps \t and \n)
|
||||||
"\" to the sign at", pos)
|
default.log_player_action(sender, ("wrote %q to the sign at"):format(text), pos)
|
||||||
local meta = minetest.get_meta(pos)
|
local meta = minetest.get_meta(pos)
|
||||||
meta:set_string("text", text)
|
meta:set_string("text", text)
|
||||||
|
|
||||||
|
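Review bot: The character class on the sign path, `"[%z-\8\11-\31\127]"`, differs from the one used in the other three hunks (`"[%z\1-\8\11-\31\127]"`): the `\1` is missing, so `%z-\8` is a class followed by `-`, which the Lua manual leaves undefined as a range. In the reference pattern matcher this appears to be read as NUL, a literal `-` and `\8`, which would strip hyphens from sign text and let `\1` to `\7` through, contrary to the comment. The line should read `text = text:gsub("[%z\1-\8\11-\31\127]", "")`. Separately, `\n` is deliberately kept and, as far as I know, `%q` does not collapse it into a single-line escape, so one sign text can still span several lines in the action log; escaping newlines in the logged copy only would keep one entry per line. The callback inside register_sign starts and ends outside the hunk.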
@ -345,8 +345,11 @@ local function on_receive_fields(player, fields)
|
|||||||
data.items = init_items
|
data.items = init_items
|
||||||
return true
|
return true
|
||||||
|
|
||||||
elseif fields.key_enter_field == "filter" or fields.search then
|
elseif (fields.key_enter_field == "filter" or fields.search)
|
||||||
local new = fields.filter:lower()
|
and fields.filter then
|
||||||
|
local new = fields.filter:sub(1, 128) -- truncate to a sane length
|
||||||
|
:gsub("[%z\1-\8\11-\31\127]", "") -- strip naughty control characters (keeps \t and \n)
|
||||||
|
:lower() -- search is case insensitive
|
||||||
if data.filter == new then
|
if data.filter == new then
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
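Review bot: The truncate/strip/lowercase chain on `fields.filter` is a copy of the one on `fields.creative_filter`, and the control-character pattern literal is written out four times across this commit, once with a different spelling in the sign hunk. A single helper would keep the copies from drifting, for example `local function clean_field(s, max) return (s:sub(1, max):gsub("[%z\1-\8\11-\31\127]", "")) end`, with callers appending `:lower()` where the search needs it. Where such a helper should live so that every affected mod can reach it is not visible from this page. on_receive_fields continues outside the hunk.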