feat(Core/Chat): new argument parsing and unify chat hyperlink parsing (#6243)

Kargatum
2021-10-23 15:15:42 +07:00
committed by GitHub
parent 1101f9dd2a
commit bc9473482e
90 changed files with 4280 additions and 2508 deletions


@@ -46,10 +46,10 @@ void WorldSession::HandleJoinChannel(WorldPacket& recvPacket)
if (isdigit(channelName[0]))
return;
// pussywizard: restrict allowed characters in channel name to avoid |0 and possibly other exploits
//if (!ObjectMgr::IsValidChannelName(channelName))
if (channelName.find("|") != std::string::npos || channelName.size() >= 100)
if (channelName.size() >= 100 || !DisallowHyperlinksAndMaybeKick(channelName))
{
return;
}
if (ChannelMgr* cMgr = ChannelMgr::forTeam(GetPlayer()->GetTeamId()))
{
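Review bot: The replacement guard `if (channelName.size() >= 100 || !DisallowHyperlinksAndMaybeKick(channelName))` hands the old "no `|` anywhere in the name" rule to a helper whose body is not in this hunk, so it should be confirmed that the helper rejects every pipe character and not only well-formed hyperlinks. The comment above the check still names `|0` as the thing being blocked, and a bare escape of that kind is not a hyperlink. The attribution comment and the commented-out `IsValidChannelName` line appear to survive the change; I would replace them with one line such as `// channel names must not contain '|' (client escape sequences); the helper may also kick the session`, hedged on the helper's name since its behaviour is not shown. HandleJoinChannel starts and ends outside the hunk.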


@@ -304,20 +304,6 @@ void WorldSession::HandleMessagechatOpcode(WorldPacket& recvData)
SendNotification(GetAcoreString(LANG_WAIT_BEFORE_SPEAKING), timeStr.c_str());
return;
}
if (lang != LANG_ADDON)
{
if (sWorld->getIntConfig(CONFIG_CHAT_STRICT_LINK_CHECKING_SEVERITY) && !ChatHandler(this).isValidChatMessage(msg.c_str()))
{
//LOG_ERROR("network.opcode", "Player %s (%s) sent a chatmessage with an invalid link: %s", GetPlayer()->GetName().c_str(),
// GetPlayer()->GetGUID().ToString().c_str(), msg.c_str());
if (sWorld->getIntConfig(CONFIG_CHAT_STRICT_LINK_CHECKING_KICK))
KickPlayer("CONFIG_CHAT_STRICT_LINK_CHECKING_KICK");
return;
}
}
}
// do message validity checks
@@ -352,29 +338,14 @@ void WorldSession::HandleMessagechatOpcode(WorldPacket& recvData)
auto end = std::unique(msg.begin(), msg.end(), [](char c1, char c2) { return (c1 == ' ') && (c2 == ' '); });
msg.erase(end, msg.end());
}
}
// exploit
size_t found1 = msg.find("|Hquest");
if (found1 != std::string::npos)
{
size_t found2 = msg.find(":", found1 + 8);
size_t found3 = msg.find("|", found1 + 8);
if (found3 != std::string::npos)
// Validate hyperlinks
if (!ValidateHyperlinksAndMaybeKick(msg))
{
if (found2 == std::string::npos)
return;
if (found2 > found3)
return;
return;
}
}
// prevent crash player
if (msg.find("| |Hquest") != std::string::npos)
{
return;
}
sScriptMgr->OnBeforeSendChatMessage(_player, type, lang, msg);
switch (type)
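Review bot: Nothing visible in this section shows that the single `ValidateHyperlinksAndMaybeKick(msg)` call rejects, in every configuration, the malformed `|Hquest` inputs that the removed `// exploit` and `// prevent crash player` guards blocked. The removed strict check was gated on `CONFIG_CHAT_STRICT_LINK_CHECKING_SEVERITY` while those two guards ran unconditionally, so if the helper honours that setting (its body is outside this section) a server running with severity 0 would lose the crash protection. I would add regression tests that pass the previously blocked message shapes through the validator with severity 0, and put a comment at the call such as `// also covers the malformed |Hquest links that used to crash clients`. The rendered hunk also does not show whether the call sits inside the non-addon branch, which matters because the old strict check skipped `LANG_ADDON`. HandleMessagechatOpcode starts and ends outside the hunks.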


@@ -61,6 +61,11 @@ void WorldSession::HandleGMTicketCreateOpcode(WorldPacket& recvData)
recvData >> x >> y >> z;
recvData >> message;
if (!ValidateHyperlinksAndMaybeKick(message))
{
return;
}
recvData >> needResponse;
recvData >> needMoreHelp;
@@ -96,6 +101,11 @@ void WorldSession::HandleGMTicketCreateOpcode(WorldPacket& recvData)
recvData.rfinish(); // Will still have compressed data in buffer.
}
if (!chatLog.empty() && !ValidateHyperlinksAndMaybeKick(chatLog))
{
return;
}
ticket = new GmTicket(GetPlayer());
ticket->SetPosition(mapId, x, y, z);
ticket->SetMessage(message);
@@ -122,6 +132,11 @@ void WorldSession::HandleGMTicketUpdateOpcode(WorldPacket& recv_data)
std::string message;
recv_data >> message;
if (!ValidateHyperlinksAndMaybeKick(message))
{
return;
}
GMTicketResponse response = GMTICKET_RESPONSE_UPDATE_ERROR;
if (GmTicket* ticket = sTicketMgr->GetTicketByPlayer(GetPlayer()->GetGUID()))
{
@@ -187,6 +202,7 @@ void WorldSession::HandleGMSurveySubmit(WorldPacket& recv_data)
std::unordered_set<uint32> surveyIds;
CharacterDatabaseTransaction trans = CharacterDatabase.BeginTransaction();
// sub_survey1, r1, comment1, sub_survey2, r2, comment2, sub_survey3, r3, comment3, sub_survey4, r4, comment4, sub_survey5, r5, comment5, sub_survey6, r6, comment6, sub_survey7, r7, comment7, sub_survey8, r8, comment8, sub_survey9, r9, comment9, sub_survey10, r10, comment10,
for (uint8 i = 0; i < 10; i++)
{
@@ -200,6 +216,11 @@ void WorldSession::HandleGMSurveySubmit(WorldPacket& recv_data)
std::string comment; // comment ("Usage: GMSurveyAnswerSubmit(question, rank, comment)")
recv_data >> comment;
if (!ValidateHyperlinksAndMaybeKick(comment))
{
return;
}
// make sure the same sub survey is not added to DB twice
if (!surveyIds.insert(subSurveyId).second)
continue;
@@ -215,6 +236,11 @@ void WorldSession::HandleGMSurveySubmit(WorldPacket& recv_data)
std::string comment; // just a guess
recv_data >> comment;
if (!ValidateHyperlinksAndMaybeKick(comment))
{
return;
}
CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_INS_GM_SURVEY);
stmt->setUInt32(0, GetPlayer()->GetGUID().GetCounter());
stmt->setUInt32(1, nextSurveyID);
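Review bot: In HandleGMSurveySubmit the new `return` on a rejected comment sits inside the `for (uint8 i = 0; i < 10; i++)` loop, after `CharacterDatabase.BeginTransaction()`, so answers accepted in earlier iterations are abandoned together with `trans`. If dropping the whole survey is intended, say so at the check, for example `// invalid hyperlink: drop the whole survey, trans is never committed`; this assumes an uncommitted transaction object is simply released, which is not visible here. The same silent early return in HandleGMTicketCreateOpcode and HandleGMTicketUpdateOpcode happens before any response is built (the `GMTICKET_RESPONSE_UPDATE_ERROR` default is declared after the check), so when the session is not kicked the client appears to get no answer to its ticket request. All three handlers start and end outside the hunks.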