From 8f5c5668a2ff7988455f26516d39baf73c54f4e0 Mon Sep 17 00:00:00 2001
From: /dev/humancontroller
Date: Sat, 15 Apr 2017 15:24:46 +0200
Subject: in the vote calling functions, protect against the dreaded exploit of '\n'-interpretation inside quotes
---
 src/game/g_cmds.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/game/g_cmds.c b/src/game/g_cmds.c
index 90fae9b..5c5101b 100644
--- a/src/game/g_cmds.c
+++ b/src/game/g_cmds.c
@@ -1821,7 +1821,7 @@ void Cmd_CallVote_f( gentity_t *ent )
 trap_Argv( 1, arg1, sizeof( arg1 ) );
 trap_Argv( 2, arg2, sizeof( arg2 ) );
- if( strchr( arg1plus, ';' ) )
+ if( strchr( arg1plus, '\n' ) || strchr( arg1plus, '\r' ) )
 {
 trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string\n\"" );
 return;
-- cgit
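Review bot: The rewritten condition in Cmd_CallVote_f no longer rejects `;`, so it is only sufficient if every later use of `arg1plus` (and of `arg1`/`arg2`, fetched just above) places the text inside double quotes and a double-quote character can never appear in it. Neither is visible in this hunk, and the function body continues outside it. If any vote type builds its command string without quoting, the guard should keep the old test as well: `if( strchr( arg1plus, ';' ) || strchr( arg1plus, '\n' ) || strchr( arg1plus, '\r' ) )`. Either way the reasoning belongs in a comment above the check, for example `// '\n' and '\r' are interpreted even inside quotes; ';' is only safe while the vote string is always quoted`.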