From 7c730917decf9dd8b78f3269ff3256c542ae442d Mon Sep 17 00:00:00 2001
From: Dipesh Amin <yaypunkrock@gmail.com>
Date: Sat, 3 Sep 2011 17:49:56 +0100
Subject: Filter allowed whisper characters to only ones that can be used in
 names.

Also add some protection for the !money command, if an item_add fails, the trade
shouldn't be set as complete.
---
 main.py  | 11 +++++++++--
 utils.py |  2 ++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/main.py b/main.py
index ccc1b6b..7366a33 100755
--- a/main.py
+++ b/main.py
@@ -38,7 +38,7 @@ sale_tree = tradey.ItemTree()
 ItemLog = utils.ItemLog()
 
 def process_whisper(nick, msg, mapserv):
-    msg = filter(lambda x: x in string.printable, msg)
+    msg = filter(lambda x: x in utils.allowed_chars, msg)
     user = user_tree.get_user(nick)
     broken_string = msg.split()
 
@@ -860,7 +860,6 @@ def main():
                         mapserv.sendall(trade_add_item(0-inventory_offset, amount))
                         mapserv.sendall(str(PacketOut(CMSG_TRADE_ADD_COMPLETE)))
                         mapserv.sendall(str(PacketOut(CMSG_TRADE_OK)))
-                        trader_state.complete = 1
 
                 else:
                     logging.info("Trade response: Trade cancelled")
@@ -915,6 +914,14 @@ def main():
                     if index != 0-inventory_offset: # If it's not money
                         logging.info("Remove item: %s, Amount: %s, Index: %s", ItemDB.getItem(player_node.inventory[index].itemId).name, str(amount),str(index))
                         player_node.remove_item(index, amount)
+                    else:
+                        logging.info("Money Added: %s", str(amount))
+                        if trader_state.money:
+                            amount_added = int(user_tree.get_user(trader_state.money).get('money'))
+                            if amount != amount_added:
+                                mapserv.sendall(str(PacketOut(CMSG_TRADE_CANCEL_REQUEST)))
+                            else:
+                                trader_state.complete = 1
 
                 elif response == 1:
                     logging.info("Trade item add response: Failed - player overweight.")
diff --git a/utils.py b/utils.py
index d9d0319..8d66977 100644
--- a/utils.py
+++ b/utils.py
@@ -14,6 +14,8 @@ import mutex
 import threading
 from net.packet_out import *
 
+allowed_chars = "abcdefghijklmnoprstquvwxyzABCDEFGHIJKLMNOPRSTQUVWXYZ1234567890-_+=!@$%^&*();'<>,.?/~`|"
+
 # Process a recieved ip address.
 def parse_ip(a):
     return "%s.%s.%s.%s" % ((a % 256),((a >> 8) % 256),((a >> 16) % 256),((a >> 24) % 256))
-- 
cgit v1.2.3-70-g09d2