From 371d056df80b6f83484534f64883c3d020c4112d Mon Sep 17 00:00:00 2001 From: Emistry Haoyan Date: Sun, 16 Jun 2019 18:44:45 +0800 Subject: Sanitize handling of the input() values. - avoid potential hacks for old scripts that use `input()` script commands. Signed-off-by: Haru --- npc/cities/alberta.txt | 6 +++--- npc/cities/aldebaran.txt | 8 +++++--- npc/cities/geffen.txt | 30 +++++++++++++++--------------- npc/cities/jawaii.txt | 2 +- npc/cities/lighthalzen.txt | 20 ++++++++++---------- 5 files changed, 34 insertions(+), 32 deletions(-) (limited to 'npc/cities') diff --git a/npc/cities/alberta.txt b/npc/cities/alberta.txt index ed4be5438..abac7b76a 100644 --- a/npc/cities/alberta.txt +++ b/npc/cities/alberta.txt @@ -347,7 +347,7 @@ alberta,190,173,4 script Phelix 4_M_03,{ mes "[Phelix]"; mes "I'm not giving you more then 100 at a time so don't bother, OK? If you don't want any, just say '0'."; mes "Right now, the most you can get is " + .@max + " but remember, 100 at most, you want to break my back?."; - input .@amount; + input(.@amount); next; mes "[Phelix]"; if (.@amount <= 0) { @@ -396,10 +396,10 @@ alberta,190,173,4 script Phelix 4_M_03,{ case 2: mes "[Phelix]"; mes "Right I'm not giving you more then 100 at a time so don't bother, okay? If you don't want any, just say '0'."; - input .@amount; + input(.@amount); next; mes "[Phelix]"; - if (.@amount == 0) { + if (.@amount <= 0) { mes "Alright then, see you next time."; close; } diff --git a/npc/cities/aldebaran.txt b/npc/cities/aldebaran.txt index 57d4205df..bd74a8971 100644 --- a/npc/cities/aldebaran.txt +++ b/npc/cities/aldebaran.txt @@ -1200,8 +1200,9 @@ function script F_Lottery { mes "[Kafra]"; mes "How many times do you want the Lottery Machine to spin? You can choose up to 5 times."; next; - input @input; - if(@input < 1 || @input > 5) @input = rand(1,5); //Lupus's fix + input(@input); + if (@input < 1 || @input > 5) + @input = rand(1,5); // Lupus's fix callsub sF_Spin; mes "[Kafra]"; mes "Ok~ Let me check the results~ guess what it is?"; @@ -1274,7 +1275,8 @@ sF_Spin: next; @temp = rand(10); --@input; - if(@input <= 0) return; + if (@input <= 0) + return; } } diff --git a/npc/cities/geffen.txt b/npc/cities/geffen.txt index 7f299dfa2..2bc972c70 100644 --- a/npc/cities/geffen.txt +++ b/npc/cities/geffen.txt @@ -274,8 +274,8 @@ OnTouch: mes "them at a time."; next; while(1) { - input .@input; - if (.@input == 0) { + input(.@input); + if (.@input <= 0) { mes "[Suspicious Guy]"; if (Sex == SEX_MALE) mes "Ah duuuuuude~ You're breakin' my heart! I mean, at these prices, I'm practically performing charity!"; @@ -283,14 +283,14 @@ OnTouch: mes "W-waaaait! You didn't let me tell you the part about how Red Potions help you lose and gain weight in all the right places! Waaaaait!"; close; } - else if (.@input > 100) { + if (.@input > 100) { mes "[Suspicious Guy]"; mes "Whoa..."; mes "I can't let you buy that many. I mean, it's not like, you know, there's a trace impurity in these Potions or anything like that..."; next; + continue; } - else - break; + break; } .@Red_potion_hap = .@input * 500; if (Zeny < .@Red_potion_hap) { @@ -344,8 +344,8 @@ OnTouch: mes "There's no way you can pass this up! Now, how many do you want?"; next; while(1) { - input .@input; - if (.@input == 0) { + input(.@input); + if (.@input <= 0) { mes "[Suspicious Guy]"; mes "Man, how many chances of a lifetime have you passed up? Man, I hope you win the lottery..."; mes "You'd probably"; @@ -353,14 +353,14 @@ OnTouch: close; } - else if (.@input > 100) { + if (.@input > 100) { mes "[Suspicious Guy]"; mes "Whoa!"; mes "I can't sell that many Daggers! That'll attract the Prontera Chiv--I mean, um, I was gonna donate some Daggers to... Hungry children?"; next; + continue; } - else - break; + break; } .@Main_gauche_hap = .@input * 9400; if (Zeny < .@Main_gauche_hap) { @@ -398,21 +398,21 @@ OnTouch: mes "Clearly, this is the deal of the century. So how many do you want?"; next; while(1) { - input .@input; - if (.@input == 0) { + input(.@input); + if (.@input <= 0) { mes "[Suspicious Guy]"; mes "Awww..."; mes "It wasn't because of the whole drawstrings thing, was it?"; close; } - else if (.@input > 100) { + if (.@input > 100) { mes "[Suspicious Guy]"; mes "Whoa~!"; mes "I can't sell you that many! What are you trying to do, take advantage of me?"; next; + continue; } - else - break; + break; } .@Hood__hap = .@input * 930; if (Zeny < .@Hood__hap) { diff --git a/npc/cities/jawaii.txt b/npc/cities/jawaii.txt index 71ec8264f..7e117b45c 100644 --- a/npc/cities/jawaii.txt +++ b/npc/cities/jawaii.txt @@ -880,7 +880,7 @@ jawaii_in,28,124,0 script Bartender#jaw 1_ETC_01,{ mes "Bartender,"; mes "I'm so depressed"; mes "because of..."; - input .@inputstr$; + input(.@inputstr$); mes .@inputstr$+"..."; next; mes "[Bartender]"; diff --git a/npc/cities/lighthalzen.txt b/npc/cities/lighthalzen.txt index 3cbe900c3..88f117747 100644 --- a/npc/cities/lighthalzen.txt +++ b/npc/cities/lighthalzen.txt @@ -561,16 +561,8 @@ lighthalzen,182,102,3 script Lucius#zen5 4_M_LGTGRAND,{ mes "starving children. If you wish"; mes "to cancel, please enter ''0.''"; next; - input .@input; - if (.@input > 30000 || .@input < 0) { - mes "[Lucius]"; - mes "Please enter a value"; - mes "from 1 to 30,000 in"; - mes "order to make a donation"; - mes "to the needy, youngster."; - close; - } - else if (.@input == 0) { + input(.@input); + if (.@input == 0) { mes "[Lucius]"; mes "How disappointing,"; mes "but I'm sure you have"; @@ -580,6 +572,14 @@ lighthalzen,182,102,3 script Lucius#zen5 4_M_LGTGRAND,{ mes "to come back at any time."; close; } + if (.@input > 30000 || .@input < 1) { + mes "[Lucius]"; + mes "Please enter a value"; + mes "from 1 to 30,000 in"; + mes "order to make a donation"; + mes "to the needy, youngster."; + close; + } mes "[Lucius]"; mes "Thank you so much"; mes "for your " + .@input + " zeny donation."; -- cgit v1.2.3-60-g2f50