From 607d40ebcac47555cc01da8ee61c2fae5cec3186 Mon Sep 17 00:00:00 2001
From: mekolat
Date: Sun, 10 Apr 2016 17:27:52 -0400
Subject: modify remote execution prevention, check for client version
---
 src/map/clif.cpp | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/map/clif.cpp b/src/map/clif.cpp
index ea39ecb..386ac63 100644
--- a/src/map/clif.cpp
+++ b/src/map/clif.cpp
@@ -3852,9 +3852,18 @@ RecvResult clif_parse_GlobalMessage(Session *s, dumb_ptr sd)
 }
 /* It's not a spell/magic message, so send the message to others. */
+
 Buffer sendbuf;
 clif_message_sub(sendbuf, sd, mbuf);
- clif_send(sendbuf, sd, SendWho::AREA_CHAT_WOC);
+
+ Buffer filteredBuf; // ManaPlus remote execution exploit prevention
+ XString filtered = mbuf;
+ if (mbuf.contains_seq("@@="_s) && mbuf.contains('|'))
+ filtered = "##B##3[##1Impossible to see this message. Please update your client.##3]"_s;
+ clif_message_sub(filteredBuf, sd, filtered);
+
+ clif_send(sendbuf, sd, SendWho::AREA_CHAT_WOC,
+ wrap(6), filteredBuf);
 }
 /* Send the message back to the speaker. */
@@ -5692,14 +5701,6 @@ AString clif_validate_chat(dumb_ptr sd, ChatType type, XString
 return AString();
 }
- // ManaPlus remote command vulnerability fix
- if (buf.contains_seq("@@="_s) && buf.contains('|'))
- {
- clif_setwaitclose(sd->sess);
- WARN_MALFORMED_MSG(sd, "remote command exploit attempt"_s);
- return AString();
- }
-
 // Step beyond the separator. for older clients
 if (type == ChatType::Global && sd->client_version < wrap(6)) return buf.xslice_t(sd->status_key.name.to__actual().size() + 3);
-- cgit v1.2.3-60-g2f50
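Review bot: The `@@=` plus `|` filter now exists only on the area-chat send in clif_parse_GlobalMessage, while the second hunk removes the same test from clif_validate_chat, which takes a `ChatType type` and so appears to serve other chat paths as well. Unless those paths substitute the message somewhere not visible in this patch, a matching message would reach recipients unfiltered through them, so the substitution probably belongs in a shared helper that every sender calls. The removal also drops the `WARN_MALFORMED_MSG(sd, "remote command exploit attempt"_s);` record, so the server no longer logs who sent such a message; keeping that call inside the new `if` branch (if the macro is still usable there) would preserve the audit trail. The single-statement `if` body would be safer braced, and the `6` passed to `wrap` repeats the version threshold used in clif_validate_chat and would read better as one named constant. clif_parse_GlobalMessage starts and ends outside the hunk.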