… | |
… | |
3 | * |
3 | * |
4 | * Copyright (©) 2005,2006,2007,2008 Marc Alexander Lehmann / Robin Redeker / the Deliantra team |
4 | * Copyright (©) 2005,2006,2007,2008 Marc Alexander Lehmann / Robin Redeker / the Deliantra team |
5 | * Copyright (©) 2002,2007 Mark Wedel & Crossfire Development Team |
5 | * Copyright (©) 2002,2007 Mark Wedel & Crossfire Development Team |
6 | * Copyright (©) 1992,2007 Frank Tore Johansen |
6 | * Copyright (©) 1992,2007 Frank Tore Johansen |
7 | * |
7 | * |
8 | * Deliantra is free software: you can redistribute it and/or modify |
8 | * Deliantra is free software: you can redistribute it and/or modify it under |
9 | * it under the terms of the GNU General Public License as published by |
9 | * the terms of the Affero GNU General Public License as published by the |
10 | * the Free Software Foundation, either version 3 of the License, or |
10 | * Free Software Foundation, either version 3 of the License, or (at your |
11 | * (at your option) any later version. |
11 | * option) any later version. |
12 | * |
12 | * |
13 | * This program is distributed in the hope that it will be useful, |
13 | * This program is distributed in the hope that it will be useful, |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | * GNU General Public License for more details. |
16 | * GNU General Public License for more details. |
17 | * |
17 | * |
18 | * You should have received a copy of the GNU General Public License |
18 | * You should have received a copy of the Affero GNU General Public License |
19 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
19 | * and the GNU General Public License along with this program. If not, see |
|
|
20 | * <http://www.gnu.org/licenses/>. |
20 | * |
21 | * |
21 | * The authors can be reached via e-mail to <support@deliantra.net> |
22 | * The authors can be reached via e-mail to <support@deliantra.net> |
22 | */ |
23 | */ |
23 | |
24 | |
24 | /* |
25 | /* |
… | |
… | |
32 | #include <time.h> |
33 | #include <time.h> |
33 | #include <signal.h> |
34 | #include <signal.h> |
34 | |
35 | |
35 | #include <global.h> |
36 | #include <global.h> |
36 | #include <material.h> |
37 | #include <material.h> |
|
|
38 | #include <object.h> |
37 | |
39 | |
38 | #include <sys/time.h> |
40 | #include <sys/time.h> |
39 | #include <sys/resource.h> |
41 | #include <sys/resource.h> |
40 | |
42 | |
41 | #include <glib.h> |
43 | #include <glib.h> |
… | |
… | |
226 | int j; |
228 | int j; |
227 | |
229 | |
228 | if (!op->materialname) |
230 | if (!op->materialname) |
229 | return; |
231 | return; |
230 | |
232 | |
231 | if (change->materialname && strcmp (op->materialname, change->materialname)) |
233 | if (op->materialname != change->materialname) |
232 | return; |
234 | return; |
233 | |
235 | |
234 | if (!op->is_armor ()) |
236 | if (!op->is_armor ()) |
235 | return; |
237 | return; |
236 | |
238 | |
… | |
… | |
408 | } |
410 | } |
409 | } |
411 | } |
410 | result[resultlen] = '\0'; |
412 | result[resultlen] = '\0'; |
411 | } |
413 | } |
412 | |
414 | |
413 | /** |
415 | /******************************************************************************/ |
414 | * Taking a string as an argument, mutate it into a string that looks like a list. |
|
|
415 | * a 'list' for the purposes here, is a string of items, seperated by commas, except |
|
|
416 | * for the last entry, which has an 'and' before it, and a full stop (period) after it. |
|
|
417 | * This function will also strip all trailing non alphanumeric characters. |
|
|
418 | * It does not insert an oxford comma. |
|
|
419 | */ |
|
|
420 | void |
|
|
421 | make_list_like (char *input) |
|
|
422 | { |
|
|
423 | char *p, tmp[MAX_BUF]; |
|
|
424 | int i; |
|
|
425 | |
416 | |
426 | if (!input || strlen (input) > MAX_BUF - 5) |
417 | /* Checks a player-provided string which will become the msg property of |
427 | return; |
418 | * an object for dangerous input. |
428 | /* bad stuff would happen if we continued here, the -5 is to make space for ' and ' */ |
419 | */ |
|
|
420 | bool |
|
|
421 | msg_is_safe (const char *msg) |
|
|
422 | { |
|
|
423 | bool safe = true; |
429 | |
424 | |
430 | strncpy (tmp, input, MAX_BUF - 5); |
425 | /* Trying to cheat by getting data into the object */ |
431 | /*trim all trailing commas, spaces etc. */ |
426 | if (!strncmp (msg, "endmsg", sizeof ("endmsg") - 1) |
432 | for (i = strlen (tmp); !isalnum (tmp[i]) && i >= 0; i--) |
427 | || strstr (msg, "\nendmsg")) |
433 | tmp[i] = '\0'; |
428 | safe = false; |
434 | |
429 | |
435 | strcat (tmp, "."); |
430 | /* Trying to make the object talk, and potentially access arbitrary code */ |
|
|
431 | if (object::msg_has_dialogue (msg)) |
|
|
432 | safe = false; |
436 | |
433 | |
437 | p = strrchr (tmp, ','); |
|
|
438 | if (p) |
|
|
439 | { |
|
|
440 | *p = '\0'; |
|
|
441 | strcpy (input, tmp); |
|
|
442 | p++; |
|
|
443 | strcat (input, " and"); |
|
|
444 | strcat (input, p); |
|
|
445 | } |
|
|
446 | else |
|
|
447 | strcpy (input, tmp); |
|
|
448 | |
|
|
449 | return; |
434 | return safe; |
450 | } |
435 | } |
451 | |
436 | |
452 | ///////////////////////////////////////////////////////////////////////////// |
437 | ///////////////////////////////////////////////////////////////////////////// |
453 | |
438 | |
454 | void |
439 | void |
… | |
… | |
559 | |
544 | |
560 | #endif |
545 | #endif |
561 | |
546 | |
562 | /******************************************************************************/ |
547 | /******************************************************************************/ |
563 | |
548 | |
|
|
549 | int |
564 | void assign (char *dst, const char *src, int maxlen) |
550 | assign (char *dst, const char *src, int maxsize) |
565 | { |
551 | { |
566 | if (!src) |
552 | if (!src) |
567 | src = ""; |
553 | src = ""; |
568 | |
554 | |
569 | int len = strlen (src); |
555 | int len = strlen (src); |
570 | |
556 | |
571 | if (len >= maxlen - 1) |
557 | if (len >= maxsize) |
572 | { |
558 | { |
573 | if (maxlen <= 4) |
559 | if (maxsize <= 4) |
574 | { |
560 | { |
575 | memset (dst, '.', maxlen - 1); |
561 | memset (dst, '.', maxsize - 2); |
576 | dst [maxlen - 1] = 0; |
562 | dst [maxsize - 1] = 0; |
577 | } |
563 | } |
578 | else |
564 | else |
579 | { |
565 | { |
580 | memcpy (dst, src, maxlen - 4); |
566 | memcpy (dst, src, maxsize - 4); |
581 | memcpy (dst + maxlen - 4, "...", 4); |
567 | memcpy (dst + maxsize - 4, "...", 4); |
582 | } |
568 | } |
|
|
569 | |
|
|
570 | len = maxsize; |
583 | } |
571 | } |
584 | else |
572 | else |
585 | memcpy (dst, src, len + 1); |
573 | memcpy (dst, src, ++len); |
586 | } |
|
|
587 | |
574 | |
588 | const char * |
575 | return len; |
|
|
576 | } |
|
|
577 | |
|
|
578 | char * |
|
|
579 | vformat (const char *format, va_list ap) |
|
|
580 | { |
|
|
581 | static dynbuf_text buf; buf.clear (); |
|
|
582 | buf.vprintf (format, ap); |
|
|
583 | return buf; |
|
|
584 | } |
|
|
585 | |
|
|
586 | char * |
589 | format (const char *format, ...) |
587 | format (const char *format, ...) |
590 | { |
588 | { |
591 | static dynbuf_text buf; |
|
|
592 | |
|
|
593 | buf.clear (); |
|
|
594 | |
|
|
595 | va_list ap; |
589 | va_list ap; |
596 | va_start (ap, format); |
590 | va_start (ap, format); |
597 | buf.vprintf (format, ap); |
591 | char *buf = vformat (format, ap); |
598 | va_end (ap); |
592 | va_end (ap); |
599 | |
593 | |
600 | return buf; |
594 | return buf; |
601 | } |
595 | } |
602 | |
596 | |