Prevent commands from being run on the client with sm_play (#1832)

* Prevent command injection * Empty to commit to try to kick CI. * Improve filename sanitisation --------- Co-authored-by: Fyren <fyrenmoo@gmail.com>
2023-09-28 00:51:07 +10:00 · 2023-09-28 00:51:07 +10:00 · a402b3cceb
commit a402b3cceb
parent 99dbe06d8a
1 changed files with 17 additions and 13 deletions
--- a/plugins/sounds.sp
+++ b/plugins/sounds.sp
@ -74,16 +74,20 @@ public Action Command_Play(int client, int args)
 		return Plugin_Handled;
 	}
-	/* Incase they put quotes and white spaces after the quotes */
+	char SoundPath[PLATFORM_MAX_PATH];
-	if (Arguments[len] == '"')
+	BreakString(Arguments[len], SoundPath, sizeof(SoundPath));
 	{
 		len++;
 		int FileLen = TrimString(Arguments[len]) + len;
-		if (Arguments[FileLen - 1] == '"')
+	/* Remove all double and single quotes out of the path */
 	ReplaceString(SoundPath, sizeof(SoundPath), "\"", "");
 	ReplaceString(SoundPath, sizeof(SoundPath), "'", "");
 	TrimString(SoundPath);
 	/* Block any attempts of chaining console commands on */
 	if(StrContains(SoundPath, ";") != -1)
 	{
-			Arguments[FileLen - 1] = '\0';
+		ReplyToCommand(client, "[SM] Invalid filename");
-		}
+		return Plugin_Handled;
 	}
 	char target_name[MAX_TARGET_LENGTH];
@ -106,8 +110,8 @@ public Action Command_Play(int client, int args)
 	for (int i = 0; i < target_count; i++)
 	{
-		ClientCommand(target_list[i], "playgamesound \"%s\"", Arguments[len]);
+		ClientCommand(target_list[i], "playgamesound \"%s\"", SoundPath);
-		LogAction(client, target_list[i], "\"%L\" played sound on \"%L\" (file \"%s\")", client, target_list[i], Arguments[len]);
+		LogAction(client, target_list[i], "\"%L\" played sound on \"%L\" (file \"%s\")", client, target_list[i], SoundPath);
 	}
 	if (tn_is_ml)