diff --git a/worldedit_commands/init.lua b/worldedit_commands/init.lua index 612de62..83a127e 100644 --- a/worldedit_commands/init.lua +++ b/worldedit_commands/init.lua @@ -78,6 +78,10 @@ local function mkdir(path) end end +local function check_filename(name) + return name:find("^[%w%s%^&'@{}%[%],%$=!%-#%(%)%%%.%+~_]+$") ~= nil +end + minetest.register_chatcommand("/about", { params = "", @@ -885,11 +889,10 @@ minetest.register_chatcommand("/save", { worldedit.player_notify(name, "invalid usage: " .. param) return end - if not param:find("^[a-zA-Z0-9_%-.]+$") then + if not check_filename(param) then worldedit.player_notify(name, "Disallowed file name: " .. param) return end - local result, count = worldedit.serialize(worldedit.pos1[name], worldedit.pos2[name]) @@ -923,8 +926,8 @@ minetest.register_chatcommand("/allocate", { worldedit.player_notify(name, "invalid usage: " .. param) return end - if not string.find(param, "^[%w \t.,+-_=!@#$%%^&*()%[%]{};'\"]+$") then - worldedit.player_notify(name, "invalid file name: " .. param) + if not check_filename(param) then + worldedit.player_notify(name, "Disallowed file name: " .. param) return end @@ -1056,7 +1059,7 @@ minetest.register_chatcommand("/mtschemcreate", { worldedit.player_notify(name, "No filename specified") return end - if not param:find("^[a-zA-Z0-9_%-.]+$") then + if not check_filename(param) then worldedit.player_notify(name, "Disallowed file name: " .. param) return end @@ -1083,10 +1086,14 @@ minetest.register_chatcommand("/mtschemplace", { description = "Load nodes from \"(world folder)/schems/.mts\" with position 1 of the current WorldEdit region as the origin", privs = {worldedit=true}, func = function(name, param) - if param == nil then + if param == "" then worldedit.player_notify(name, "no filename specified") return end + if not check_filename(param) then + worldedit.player_notify(name, "Disallowed file name: " .. param) + return + end local pos = get_position(name) if pos == nil then return end