epic/OpenRA
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix LobbyCommands not validating user-modifiable input

Browse Source 
Validates all input that could have been changed with custom yaml rules.
This commit is contained in:
Oliver Brakmann
2016-02-21 16:31:45 +01:00
parent 40514184d8
commit cf9f25eb0b
1 changed files with 41 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
OpenRA.Mods.Common/ServerTraits/LobbyCommands.cs
View File

@@ -16,6 +16,7 @@ using OpenRA.Graphics;
using OpenRA.Mods.Common.Traits; using OpenRA.Mods.Common.Traits;
using OpenRA.Network; using OpenRA.Network;
using OpenRA.Server; using OpenRA.Server;
using OpenRA.Traits;
using S = OpenRA.Server.Server; using S = OpenRA.Server.Server;
namespace OpenRA.Mods.Common.Server namespace OpenRA.Mods.Common.Server
@@ -585,8 +586,8 @@ namespace OpenRA.Mods.Common.Server
if (s != null && !server.Map.Options.Difficulties.Contains(s)) if (s != null && !server.Map.Options.Difficulties.Contains(s))
{ {
server.SendOrderTo(conn, "Message", "Unsupported difficulty selected: {0}".F(s)); server.SendOrderTo(conn, "Message", "Invalid difficulty selected: {0}".F(s));
server.SendOrderTo(conn, "Message", "Supported difficulties: {0}".F(server.Map.Options.Difficulties.JoinWith(","))); server.SendOrderTo(conn, "Message", "Supported values: {0}".F(server.Map.Options.Difficulties.JoinWith(", ")));
return true; return true;
} }
@@ -613,12 +614,17 @@ namespace OpenRA.Mods.Common.Server
} }
var startUnitsInfo = server.Map.Rules.Actors["world"].TraitInfos<MPStartUnitsInfo>(); var startUnitsInfo = server.Map.Rules.Actors["world"].TraitInfos<MPStartUnitsInfo>();
var selectedClass = startUnitsInfo.Where(u => u.Class == s).Select(u => u.ClassName).FirstOrDefault(); var selectedClass = startUnitsInfo.Where(u => u.Class == s).FirstOrDefault();
var className = selectedClass != null ? selectedClass : s; if (selectedClass == null)
{
server.SendOrderTo(conn, "Message", "Invalid starting units option selected: {0}".F(s));
server.SendOrderTo(conn, "Message", "Supported values: {0}".F(startUnitsInfo.Select(su => su.ClassName).JoinWith(", ")));
return true;
}
server.LobbyInfo.GlobalSettings.StartingUnitsClass = s; server.LobbyInfo.GlobalSettings.StartingUnitsClass = selectedClass.Class;
server.SyncLobbyGlobalSettings(); server.SyncLobbyGlobalSettings();
server.SendMessage("{0} changed Starting Units to {1}.".F(client.Name, className)); server.SendMessage("{0} changed Starting Units to {1}.".F(client.Name, selectedClass.ClassName));
return true; return true;
} }
@@ -638,9 +644,18 @@ namespace OpenRA.Mods.Common.Server
return true; return true;
} }
server.LobbyInfo.GlobalSettings.StartingCash = Exts.ParseIntegerInvariant(s); var startingCashOptions = server.Map.Rules.Actors["player"].TraitInfo<PlayerResourcesInfo>().SelectableCash;
var requestedCash = Exts.ParseIntegerInvariant(s);
if (!startingCashOptions.Contains(requestedCash))
{
server.SendOrderTo(conn, "Message", "Invalid starting cash value selected: {0}".F(s));
server.SendOrderTo(conn, "Message", "Supported values: {0}".F(startingCashOptions.JoinWith(", ")));
return true;
}
server.LobbyInfo.GlobalSettings.StartingCash = requestedCash;
server.SyncLobbyGlobalSettings(); server.SyncLobbyGlobalSettings();
server.SendMessage("{0} changed Starting Cash to ${1}.".F(client.Name, s)); server.SendMessage("{0} changed Starting Cash to ${1}.".F(client.Name, requestedCash));
return true; return true;
} }
@@ -660,6 +675,14 @@ namespace OpenRA.Mods.Common.Server
return true; return true;
} }
var techlevels = server.Map.Rules.Actors["player"].TraitInfos<ProvidesTechPrerequisiteInfo>().Select(t => t.Name);
if (!techlevels.Contains(s))
{
server.SendOrderTo(conn, "Message", "Invalid tech level selected: {0}".F(s));
server.SendOrderTo(conn, "Message", "Supported values: {0}".F(techlevels.JoinWith(", ")));
return true;
}
server.LobbyInfo.GlobalSettings.TechLevel = s; server.LobbyInfo.GlobalSettings.TechLevel = s;
server.SyncLobbyInfo(); server.SyncLobbyInfo();
server.SendMessage("{0} changed Tech Level to {1}.".F(client.Name, s)); server.SendMessage("{0} changed Tech Level to {1}.".F(client.Name, s));
@@ -773,6 +796,16 @@ namespace OpenRA.Mods.Common.Server
if (server.LobbyInfo.Slots[targetClient.Slot].LockFaction) if (server.LobbyInfo.Slots[targetClient.Slot].LockFaction)
return true; return true;
var factions = server.Map.Rules.Actors["world"].TraitInfos<FactionInfo>()
.Where(f => f.Selectable).Select(f => f.InternalName);
if (!factions.Contains(parts[1]))
{
server.SendOrderTo(conn, "Message", "Invalid faction selected: {0}".F(parts[1]));
server.SendOrderTo(conn, "Message", "Supported values: {0}".F(factions.JoinWith(", ")));
return true;
}
targetClient.Faction = parts[1]; targetClient.Faction = parts[1];
server.SyncLobbyClients(); server.SyncLobbyClients();
return true; return true;