UNLOZE/sourcemod
10
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Sanitize servercfgfile and lservercfgfile values with sm_cvar (bug 6579).

Browse Source
This commit is contained in:
Nicholas Hastings 2017-01-20 15:29:25 -05:00
parent 3fd7b29d64
commit c7f413f1b0
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/basecommands.sp
View File

@ -308,6 +308,16 @@ public Action Command_Cvar(int client, int args)
} }
GetCmdArg(2, value, sizeof(value)); GetCmdArg(2, value, sizeof(value));
// The server passes the values of these directly into ServerCommand, following exec. Sanitize.
if (StrEqual(cvarname, "servercfgfile", false) || StrEqual(cvarname, "lservercfgfile", false))
{
int pos = StrContains(value, ";", true);
if (pos != -1)
{
value[pos] = '\0';
}
}
if ((hndl.Flags & FCVAR_PROTECTED) != FCVAR_PROTECTED) if ((hndl.Flags & FCVAR_PROTECTED) != FCVAR_PROTECTED)
{ {