author/dev/humancontroller <devhc@example.com>2017-04-15 15:24:46 +0200
committer/dev/humancontroller <devhc@example.com>2017-04-15 15:24:46 +0200
commit8f5c5668a2ff7988455f26516d39baf73c54f4e0 (patch)
treee9071af2a27e109644414a9106cfeb59da174c8e /src/game/g_cmds.c
parentd2272964dfbd421d8fd2111f59449ae4f98801ce (diff)
in the vote calling functions, protect against the dreaded exploit of '\n'-interpretation inside quotes
Diffstat (limited to 'src/game/g_cmds.c')
-rw-r--r--src/game/g_cmds.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/game/g_cmds.c b/src/game/g_cmds.c
index 90fae9b..5c5101b 100644
--- a/src/game/g_cmds.c
+++ b/src/game/g_cmds.c
@@ -1821,7 +1821,7 @@ void Cmd_CallVote_f( gentity_t *ent )
trap_Argv( 1, arg1, sizeof( arg1 ) );
trap_Argv( 2, arg2, sizeof( arg2 ) );
- if( strchr( arg1plus, ';' ) )
+ if( strchr( arg1plus, '\n' ) || strchr( arg1plus, '\r' ) )
{
trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string\n\"" );
return;
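Review bot: Removing the `';'` rejection from the `strchr` test is safe only if every later use of the vote text wraps it in quotes before it reaches the command buffer, and if an embedded `"` is rejected or escaped as well. Neither is visible in this hunk, and the body of Cmd_CallVote_f continues outside it. If that cannot be confirmed for all vote types, keep the old test next to the new ones: `if( strchr( arg1plus, ';' ) || strchr( arg1plus, '\n' ) || strchr( arg1plus, '\r' ) )`. The check also reads `arg1plus` while `arg1` and `arg2` are fetched separately just above it, so it is worth confirming that `arg1plus` covers everything later copied into the vote string. A one-line comment above the check, for example `// line breaks terminate a command even inside quotes, so reject them before the vote string is built`, would record why these two characters are singled out.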