adminvote.sma exploit fix (#823)
* Restrict having ".." character sequence in amx_votemap command arguments Fixes exploit on Windows servers that allows executing potentially dangerous console commands * Fix typo containi -> contain
This commit is contained in:
parent
307e71455a
commit
a5f2b5539f
|
@ -239,6 +239,9 @@ public cmdVoteMap(id, level, cid)
|
||||||
{
|
{
|
||||||
read_argv(i, g_optionName[g_validMaps], 31)
|
read_argv(i, g_optionName[g_validMaps], 31)
|
||||||
|
|
||||||
|
if (contain(g_optionName[g_validMaps], "..") != -1)
|
||||||
|
continue
|
||||||
|
|
||||||
if (is_map_valid(g_optionName[g_validMaps]))
|
if (is_map_valid(g_optionName[g_validMaps]))
|
||||||
g_validMaps++
|
g_validMaps++
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user