• R/O
  • SSH

zandronum-zdoom-sync: Commit


Commit MetaInfo

Revisionb3db6aca7e700b6ff7612f8cc1322c065ff9db5f (tree)
Time2017-12-18 22:43:32
AuthorRachael Alexanderson <anonymous@none...>
CommiterRachael Alexanderson

Log Message

- added some security for MENUDEF commands in c_dispatch to curb some possible skulldrugery that may be possible.

Change Summary

Incremental Difference

diff -r e2f08ac1dfef -r b3db6aca7e70 src/c_dispatch.cpp
--- a/src/c_dispatch.cpp Sun Dec 03 13:28:00 2017 +0100
+++ b/src/c_dispatch.cpp Mon Dec 18 08:43:32 2017 -0500
@@ -137,7 +137,7 @@
137137 Button_ShowMedals; // [BC] Added the "show medals" button.
138138
139139
140-bool ParsingKeyConf;
140+bool ParsingKeyConf, ParsingMenuDef = false;
141141
142142 // To add new actions, go to the console and type "key <action name>".
143143 // This will give you the key value to use in the first column. Then
@@ -199,6 +199,43 @@
199199 "clearplayerclasses"
200200 };
201201
202+static const char *MenuDefCommands[] =
203+{
204+ "snd_reset",
205+ "reset2defaults",
206+ "reset2saved",
207+ "menuconsole",
208+ "clearnodecache",
209+ "am_restorecolors",
210+ "special",
211+ "puke",
212+ "fpuke",
213+ "pukename",
214+ //"event", // [SP] these won't be useful until zscript
215+ //"netevent",
216+
217+ // begin zandronum specific commands
218+ "menu_spectate",
219+ "menu_changeteam",
220+ "menu_disconnect",
221+ "menu_startskirmish",
222+ "querymaster",
223+ "menu_join_selected_server",
224+ "menu_callkickvote",
225+ "menu_callmapvote",
226+ "menu_calllimitvote",
227+ "menu_ignore",
228+ "menu_joingame",
229+ "menu_help",
230+ "menu_autoselect",
231+ "menu_joingame",
232+ "menu_joingamewithclass",
233+ "menu_login",
234+ "rcon",
235+ "menu_rconlogin",
236+ "spectate",
237+};
238+
202239 // CODE --------------------------------------------------------------------
203240
204241 IMPLEMENT_CLASS (DWaitingCommand)
@@ -596,6 +633,25 @@
596633 }
597634 }
598635
636+ if (ParsingMenuDef)
637+ {
638+ int i;
639+
640+ for (i = countof(MenuDefCommands)-1; i >= 0; --i)
641+ {
642+ if (strnicmp (beg, MenuDefCommands[i], len) == 0 &&
643+ MenuDefCommands[i][len] == 0)
644+ {
645+ break;
646+ }
647+ }
648+ if (i < 0)
649+ {
650+ Printf ("Invalid command for MENUDEF: %s\n", beg);
651+ return;
652+ }
653+ }
654+
599655 // Check if this is an action
600656 if (*beg == '+' || *beg == '-')
601657 {
diff -r e2f08ac1dfef -r b3db6aca7e70 src/menu/optionmenuitems.h
--- a/src/menu/optionmenuitems.h Sun Dec 03 13:28:00 2017 +0100
+++ b/src/menu/optionmenuitems.h Mon Dec 18 08:43:32 2017 -0500
@@ -35,6 +35,7 @@
3535
3636 void M_DrawConText (int color, int x, int y, const char *str);
3737 void M_SetVideoMode();
38+extern bool ParsingMenuDef; // needed to stop some skulldruggery
3839
3940
4041
@@ -86,7 +87,9 @@
8687 bool Activate()
8788 {
8889 S_Sound (CHAN_VOICE | CHAN_UI, "menu/choose", snd_menuvolume, ATTN_NONE);
90+ ParsingMenuDef = true;
8991 C_DoCommand(mAction);
92+ ParsingMenuDef = false;
9093 return true;
9194 }
9295
@@ -111,7 +114,9 @@
111114 {
112115 if (mkey == MKEY_MBYes)
113116 {
117+ ParsingMenuDef = true;
114118 C_DoCommand(mAction);
119+ ParsingMenuDef = false;
115120 return true;
116121 }
117122 return FOptionMenuItemCommand::MenuEvent(mkey, fromcontroller);
Show on old repository browser