Diffstat (limited to 'src/map')
-rw-r--r-- | src/map/clif.cpp | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/src/map/clif.cpp b/src/map/clif.cpp index ea39ecb..386ac63 100644 --- a/src/map/clif.cpp +++ b/src/map/clif.cpp @@ -3852,9 +3852,18 @@ RecvResult clif_parse_GlobalMessage(Session *s, dumb_ptr<map_session_data> sd) } /* It's not a spell/magic message, so send the message to others. */ + Buffer sendbuf; clif_message_sub(sendbuf, sd, mbuf); - clif_send(sendbuf, sd, SendWho::AREA_CHAT_WOC); + + Buffer filteredBuf; // ManaPlus remote execution exploit prevention + XString filtered = mbuf; + if (mbuf.contains_seq("@@="_s) && mbuf.contains('|')) + filtered = "##B##3[##1Impossible to see this message. Please update your client.##3]"_s; + clif_message_sub(filteredBuf, sd, filtered); + + clif_send(sendbuf, sd, SendWho::AREA_CHAT_WOC, + wrap<ClientVersion>(6), filteredBuf); } /* Send the message back to the speaker. */ @@ -5692,14 +5701,6 @@ AString clif_validate_chat(dumb_ptr<map_session_data> sd, ChatType type, XString return AString(); } - // ManaPlus remote command vulnerability fix - if (buf.contains_seq("@@="_s) && buf.contains('|')) - { - clif_setwaitclose(sd->sess); - WARN_MALFORMED_MSG(sd, "remote command exploit attempt"_s); - return AString(); - } - // Step beyond the separator. for older clients if (type == ChatType::Global && sd->client_version < wrap<ClientVersion>(6)) return buf.xslice_t(sd->status_key.name.to__actual().size() + 3); |
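Review bot: The `@@=`/`|` check now guards only the area broadcast in clif_parse_GlobalMessage, because the second hunk removes it from clif_validate_chat, whose `ChatType type` parameter suggests it also validates other chat kinds; unless those paths (not visible here) filter on their own, such messages would reach not-yet-updated clients unchanged through them. The removal also drops `WARN_MALFORMED_MSG(sd, "remote command exploit attempt"_s);`, so an attempt no longer leaves a log trace, and I would keep an equivalent log call inside the new `if (mbuf.contains_seq("@@="_s) && mbuf.contains('|'))` branch. The extra arguments in `clif_send(sendbuf, sd, SendWho::AREA_CHAT_WOC, wrap<ClientVersion>(6), filteredBuf);` deserve a comment stating which side of version 6 receives `filteredBuf`, since clif_send's definition is outside this diff. Both functions begin and end outside their hunks.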