Settings: Sanitize setting name everywhere, not just LuaSettings

kwolekr 2014-12-09 23:52:13 -05:00
parent d50878d608
commit 88c28414f4
4 changed files with 12 additions and 14 deletions

@ -73,7 +73,7 @@ int LuaSettings::l_set(lua_State* L)
std::string key = std::string(luaL_checkstring(L, 2)); std::string key = std::string(luaL_checkstring(L, 2));
const char* value = luaL_checkstring(L, 3); const char* value = luaL_checkstring(L, 3);
o->m_settings->set(Settings::sanitizeString(key), value); o->m_settings->set(key, value);
return 1; return 1;
} }
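Review bot: After this change `l_set` passes the script-supplied `key` to `Settings::set()` untouched, so the Lua boundary is protected only if `set()` always ends up in `setEntry()`, which this hunk does not show. A one-line comment at the call would keep that dependency visible, for example `// key comes from Lua; Settings::setEntry() strips unsafe characters from the name`. The script also gets no indication when the stored name differs from the one it passed. The start of `l_set` lies outside the hunk.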

@ -63,16 +63,6 @@ Settings & Settings::operator = (const Settings &other)
} }
std::string Settings::sanitizeString(const std::string &value)
{
std::string str = value;
for (const char *s = "\t\n\v\f\r\b =\""; *s; s++)
str.erase(std::remove(str.begin(), str.end(), *s), str.end());
return str;
}
std::string Settings::getMultiline(std::istream &is, size_t *num_lines) std::string Settings::getMultiline(std::istream &is, size_t *num_lines)
{ {
size_t lines = 1; size_t lines = 1;
@ -689,10 +679,16 @@ void Settings::setEntry(const std::string &name, const void *data,
{ {
Settings *old_group = NULL; Settings *old_group = NULL;
// Strip any potentially dangerous characters from the name (note the value
// has no such restrictions)
std::string n(name);
for (const char *s = "\t\n\v\f\r\b =\""; *s; s++)
n.erase(std::remove(n.begin(), n.end(), *s), n.end());
{ {
JMutexAutoLock lock(m_mutex); JMutexAutoLock lock(m_mutex);
SettingsEntry &entry = set_default ? m_defaults[name] : m_settings[name]; SettingsEntry &entry = set_default ? m_defaults[n] : m_settings[n];
old_group = entry.group; old_group = entry.group;
entry.value = set_group ? "" : *(const std::string *)data; entry.value = set_group ? "" : *(const std::string *)data;
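Review bot: Silently stripping characters in `setEntry` lets different caller-supplied names land on the same entry: `"a b"` and `"ab"` both become `ab`, and a name made only of stripped characters becomes the empty key, so a write can replace a setting the caller never named. Only the write path is visible here; if the lookup and removal functions outside this hunk still index with the raw name, a value stored under a cleaned name cannot be read back under the name used to set it. Rejecting is safer than rewriting, e.g. `if (n.empty() || n != name) return;` together with a log line, since `setEntry` returns void and cannot report the failure. Otherwise the same normalization should be applied in every accessor. The character list is now an inline literal, so a named constant would keep it in one place, and the function body continues past the end of the hunk.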

@ -55,6 +55,7 @@ struct ValueSpec {
type = a_type; type = a_type;
help = a_help; help = a_help;
} }
ValueType type; ValueType type;
const char *help; const char *help;
}; };
@ -112,7 +113,6 @@ public:
const std::string &end, u32 tab_depth=0); const std::string &end, u32 tab_depth=0);
static std::string getMultiline(std::istream &is, size_t *num_lines=NULL); static std::string getMultiline(std::istream &is, size_t *num_lines=NULL);
static std::string sanitizeString(const std::string &value);
static void printEntry(std::ostream &os, const std::string &name, static void printEntry(std::ostream &os, const std::string &name,
const SettingsEntry &entry, u32 tab_depth=0); const SettingsEntry &entry, u32 tab_depth=0);

@ -531,7 +531,9 @@ struct TestSettings: public TestBase
group2->setS16("num_oranges", 53); group2->setS16("num_oranges", 53);
group2->setGroup("animals", group3); group2->setGroup("animals", group3);
group2->set("animals", "cute"); //destroys group 3 group2->set("animals", "cute"); //destroys group 3
s.setGroup("groupy_thing", group2);
// the bad chars in here should be stripped
s.setGroup("groupy \"_\" thing", group2);
// Test multiline settings // Test multiline settings
UASSERT(group->get("ccc") == "testy\n testa "); UASSERT(group->get("ccc") == "testy\n testa ");
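Review bot: The new comment says the bad characters "should be stripped", but nothing visible in this hunk asserts it; unless a later check outside the hunk compares the stored name, the test passes whether or not sanitization happens. An explicit check right after the `setGroup` call would pin the behaviour, e.g. `UASSERT(s.exists("groupy_thing"));`. It would also be worth covering the edge cases the stripping creates: a name consisting only of stripped characters, and two names that differ only in stripped characters.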