Old 10-10-2009, 02:02 PM   #215
-=*Raz0r*=-
Rookie
 
Join Date: Oct 2006
Location: Australia
Posts: 243
5 in a row!

Some of you know of the 'JA Haxxor Toolkit' and its features.
Well, one of these features is a multi-lined name (you can also make it look like someone else said something).

So, an effective way to combat this? Simple.
Adapt your Info_Validate to look like this...
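Code:
// Characters that must not appear anywhere in a userinfo string.
static const char badChars[] = { '\n', '\r', '\"', ';' };

// Returns qfalse if s contains any bad character, qtrue otherwise.
// qboolean, qtrue and qfalse come from q_shared.h.
qboolean Info_Validate( const char *s ) {
	size_t i;
	for ( i = 0; i < sizeof( badChars ); i++ ) {
		if ( strchr( s, badChars[i] ) )
			return qfalse;
	}
	return qtrue;
}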
That should effectively remove carriage returns, line breaks, semicolons and quotation marks from any field in the userinfo string (Client names are kept in their userinfo string)

EDIT: Silly me, you should also perform this check in the say function (G_Say or something in g_cmds.c)

EDIT: I suppose the semi-logical thing would be to remove all instances of those characters in the string, and afterwards check if there are any characters remaining in the string (To prevent a free method of getting a blank name/etc)


Last edited by -=*Raz0r*=-; 11-13-2009 at 03:28 PM.
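The approach from the second EDIT above, as an added example that is not part of the original post or of the game's code: strip the four characters in place, then report whether anything visible is left. The names `sanitize_field` and `is_bad_char` are hypothetical, and treating a whitespace-only result as blank is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* The four characters the post rejects in userinfo fields. */
static const char badChars[] = { '\n', '\r', '\"', ';' };

/* Hypothetical helper: 1 if c is one of badChars. */
static int is_bad_char(char c) {
	size_t i;
	for (i = 0; i < sizeof(badChars); i++)
		if (c == badChars[i])
			return 1;
	return 0;
}

/*
 * Hypothetical helper: remove every bad character from s in place.
 * Returns 1 if something other than spaces/tabs is left, 0 if the
 * result is blank (assumption: whitespace-only counts as blank).
 */
int sanitize_field(char *s) {
	const char *in;
	char *out = s;
	int visible = 0;

	for (in = s; *in; in++) {
		if (is_bad_char(*in))
			continue;              /* drop it, keep scanning */
		if (*in != ' ' && *in != '\t')
			visible = 1;
		*out++ = *in;
	}
	*out = '\0';
	return visible;
}

int main(void) {
	/* Constructed sample names, not taken from any real server. */
	char samples[][32] = { "Pad\nawan: hi", "\r\n\";;", "Raz0r" };
	size_t i;
	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int ok = sanitize_field(samples[i]);
		printf("%s -> \"%s\"\n", ok ? "keep" : "reject/rename", samples[i]);
	}
	return 0;
}
```

A return value of 0 is the case the post warns about: the caller should reject the change or substitute a default name rather than accept an empty one.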