adminvote.sma exploit fix (#823)

* Restrict having ".." character sequence in amx_votemap command arguments Fixes exploit on Windows servers that allows executing potentially dangerous console commands * Fix typo containi -> contain
2020-05-29 02:04:16 +03:00 · 2020-05-29 02:04:16 +03:00 · a5f2b5539f
commit a5f2b5539f
parent 307e71455a
1 changed files with 4 additions and 1 deletions
--- a/plugins/adminvote.sma
+++ b/plugins/adminvote.sma
@ -238,7 +238,10 @@ public cmdVoteMap(id, level, cid)
 	for (new i = 1; i < argc; ++i)
 	{
 		read_argv(i, g_optionName[g_validMaps], 31)
-		
+
+		if (contain(g_optionName[g_validMaps], "..") != -1)
+			continue
+
 		if (is_map_valid(g_optionName[g_validMaps]))
 			g_validMaps++
 	}