Fix amx_addban and amx_unban, make them safe (#441)
This commit is contained in:
parent
df4e4949c8
commit
ac7de68ac7
@ -221,6 +221,16 @@ public cmdKick(id, level, cid)
|
||||
return PLUGIN_HANDLED
|
||||
}
|
||||
|
||||
/**
|
||||
* ';' and '\n' are command delimiters. If a command arg contains these 2
|
||||
* it is not safe to be passed to server_cmd() as it may be trying to execute
|
||||
* a command.
|
||||
*/
|
||||
isCommandArgSafe(const arg[])
|
||||
{
|
||||
return contain(arg, ";") == -1 && contain(arg, "\n") == -1;
|
||||
}
|
||||
|
||||
public cmdUnban(id, level, cid)
|
||||
{
|
||||
if (!cmd_access(id, level, cid, 2))
|
||||
@ -247,7 +257,13 @@ public cmdUnban(id, level, cid)
|
||||
server_cmd("removeip ^"%s^";writeip", arg)
|
||||
console_print(id, "[AMXX] %L", id, "IP_REMOVED", arg)
|
||||
} else {
|
||||
server_cmd("removeid ^"%s^";writeid", arg)
|
||||
if(!isCommandArgSafe(arg))
|
||||
{
|
||||
console_print(id, "%l", "CL_NOT_FOUND");
|
||||
return PLUGIN_HANDLED;
|
||||
}
|
||||
|
||||
server_cmd("removeid %s;writeid", arg)
|
||||
console_print(id, "[AMXX] %L", id, "AUTHID_REMOVED", arg)
|
||||
}
|
||||
|
||||
@ -376,7 +392,13 @@ public cmdAddBan(id, level, cid)
|
||||
server_cmd("addip ^"%s^" ^"%s^";wait;writeip", minutes, arg)
|
||||
console_print(id, "[AMXX] Ip ^"%s^" added to ban list", arg)
|
||||
} else {
|
||||
server_cmd("banid ^"%s^" ^"%s^";wait;writeid", minutes, arg)
|
||||
if(!isCommandArgSafe(arg))
|
||||
{
|
||||
console_print(id, "%l", "CL_NOT_FOUND");
|
||||
return PLUGIN_HANDLED;
|
||||
}
|
||||
|
||||
server_cmd("banid ^"%s^" %s;wait;writeid", minutes, arg)
|
||||
console_print(id, "[AMXX] Authid ^"%s^" added to ban list", arg)
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user