From 936c9477bee050a94a659db071f25ba91e2816b5 Mon Sep 17 00:00:00 2001
From: Juice
Date: Fri, 29 May 2020 02:04:16 +0300
Subject: [PATCH] adminvote.sma exploit fix (#823)

* Restrict having ".." character sequence in amx_votemap command arguments Fixes exploit on Windows servers that allows executing potentially dangerous console commands
* Fix typo containi -> contain
---
 plugins/adminvote.sma | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/plugins/adminvote.sma b/plugins/adminvote.sma
index 9e0d5372..f1d2ebb5 100755
--- a/plugins/adminvote.sma
+++ b/plugins/adminvote.sma
@@ -238,7 +238,10 @@ public cmdVoteMap(id, level, cid)
 for (new i = 1; i < argc; ++i)
 {
 read_argv(i, g_optionName[g_validMaps], 31)
-
+
+ if (contain(g_optionName[g_validMaps], "..") != -1)
+ continue
+
 if (is_map_valid(g_optionName[g_validMaps]))
 g_validMaps++
 }
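Review bot: The added check in the argument loop of cmdVoteMap rejects only the `..` sequence, which is a deny-list of a single pattern; if the map name later reaches a console command or a file path (not visible in this hunk), other characters such as path separators, `;` or quotes may still need handling, so an allow-list of the characters valid in a map name would be a more durable guard. The rejected argument is also dropped silently by `continue`, so the admin gets no feedback and the server log keeps no trace of the attempt; a line such as `log_amx("Vote: rejected map argument ^"%s^"", g_optionName[g_validMaps])` before the `continue` would make it visible to operators. A short comment above the check, e.g. `// reject path traversal in map names before is_map_valid()`, would record why it is there. cmdVoteMap starts and ends outside the hunk, so whether later uses of the stored names are otherwise sanitised cannot be confirmed from here.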