From 371d056df80b6f83484534f64883c3d020c4112d Mon Sep 17 00:00:00 2001 From: Emistry Haoyan Date: Sun, 16 Jun 2019 18:44:45 +0800 Subject: Sanitize handling of the input() values. - avoid potential hacks for old scripts that use `input()` script commands. Signed-off-by: Haru --- npc/re/jobs/2e/kagerou_oboro.txt | 2 +- npc/re/jobs/3-1/archbishop.txt | 4 +- npc/re/jobs/3-1/rune_knight.txt | 2 +- npc/re/jobs/3-2/royal_guard.txt | 6 +- npc/re/jobs/3-2/shadow_chaser.txt | 12 +- npc/re/jobs/3-2/wanderer.txt | 2 +- npc/re/jobs/novice/academy.txt | 410 +++++++++++++++++++------------------- 7 files changed, 221 insertions(+), 217 deletions(-) (limited to 'npc/re/jobs') diff --git a/npc/re/jobs/2e/kagerou_oboro.txt b/npc/re/jobs/2e/kagerou_oboro.txt index 5818bb4fd..f03dece93 100644 --- a/npc/re/jobs/2e/kagerou_oboro.txt +++ b/npc/re/jobs/2e/kagerou_oboro.txt @@ -659,7 +659,7 @@ job_ko,25,115,4 script Old Man#ko 4_M_KAGE_OLD,{ mes "[Leader Gion]"; mes "You've come back already? You could have rested more. Is there a reason to hurry?"; next; - input .@inputstr$; + input(.@inputstr$); cutin "job_ko03",2; mes "[Leader Gion]"; mes "Because of ^B24E59" + .@inputstr$ + "^000000?"; diff --git a/npc/re/jobs/3-1/archbishop.txt b/npc/re/jobs/3-1/archbishop.txt index e37087857..90dadd8d1 100644 --- a/npc/re/jobs/3-1/archbishop.txt +++ b/npc/re/jobs/3-1/archbishop.txt @@ -243,7 +243,7 @@ umbala,139,227,3 script Priest#arch 1_M_PASTOR,{ mes "[" + strcharinfo(PC_NAME) + "]"; mes "Hmm, I wanted to tell you..."; next; - input .@inputstr$; + input(.@inputstr$); mes "[" + strcharinfo(PC_NAME) + "]"; mes "" + .@inputstr$ + ""; next; @@ -483,7 +483,7 @@ OnTouch: next; mes "[" + strcharinfo(PC_NAME) + "]"; mes "Pain... What kind of faults have I had?"; - input .@inputstr$; + input(.@inputstr$); next; mes "[" + strcharinfo(PC_NAME) + "]"; mes "I confess my guilt to the Almighty God Odin."; diff --git a/npc/re/jobs/3-1/rune_knight.txt b/npc/re/jobs/3-1/rune_knight.txt index ad8ab8f74..6230746b1 100644 --- a/npc/re/jobs/3-1/rune_knight.txt +++ b/npc/re/jobs/3-1/rune_knight.txt @@ -962,7 +962,7 @@ job3_rune01,58,51,1 script Rune Furnace CLEAR_NPC,{ next; mes .@str$[1]; next; - input .@inputstr$; + input(.@inputstr$); if (.@inputstr$ == .@str$[0]) { mes "[Rune Knight Renoa]"; mes "Wow! This is great. The image of the rune stone in my head and the modeled rune stone match perfectly. It's well made."; diff --git a/npc/re/jobs/3-2/royal_guard.txt b/npc/re/jobs/3-2/royal_guard.txt index 87cf554ad..8924d61dd 100644 --- a/npc/re/jobs/3-2/royal_guard.txt +++ b/npc/re/jobs/3-2/royal_guard.txt @@ -521,7 +521,7 @@ sec_in02,12,43,3 script sorcereryal 1_M_LIBRARYMASTER,1,1,{ switch(select("Royal Guard", "Rune Knight", "Sorcerer")) { case 1: mes "1~5"; - input .@input; + input(.@input); next; if (.@input < 1 || .@input > 5) { mes "Set item to adjust the Royal Guard"; @@ -533,7 +533,7 @@ sec_in02,12,43,3 script sorcereryal 1_M_LIBRARYMASTER,1,1,{ close; case 2: mes "1~24"; - input .@input; + input(.@input); next; if (.@input < 1 || .@input > 24) { mes "Set item to adjust the Rune Knight"; @@ -545,7 +545,7 @@ sec_in02,12,43,3 script sorcereryal 1_M_LIBRARYMASTER,1,1,{ close; case 3: mes "1~5"; - input .@input; + input(.@input); next; if (.@input < 1 || .@input > 5) { mes "Set item to adjust the Sorcerer"; diff --git a/npc/re/jobs/3-2/shadow_chaser.txt b/npc/re/jobs/3-2/shadow_chaser.txt index 9cdd3f732..3b6f6bcd0 100644 --- a/npc/re/jobs/3-2/shadow_chaser.txt +++ b/npc/re/jobs/3-2/shadow_chaser.txt @@ -327,7 +327,7 @@ s_atelier,65,123,5 script Manager#sc04_prt 4_M_KHKYEL,{ mes "Wow, you deciphered it?"; mes "So, what's the right answer?"; next; - input .@inputstr$; + input(.@inputstr$); if (.@inputstr$ == "shadows atelier in prontera" || .@inputstr$ == "SHADOWS ATELIER IN PRONTERA") { mes "[Manager]"; mes "Good."; @@ -1118,7 +1118,7 @@ L_Code: mes "["+strcharinfo(PC_NAME)+"]"; mes "Paul said..."; next; - input .@inputstr$; + input(.@inputstr$); mes "["+strcharinfo(PC_NAME)+"]"; mes "Paul said..."; mes "'"+.@inputstr$+"' ."; @@ -1694,7 +1694,7 @@ tur_dun03,38,209,1 script Blue Flame#sc_f01 4_NFWISP,{ mes "A blue flame is roaring."; mes "The deciphered code means..."; next; - input .@inputstr$; + input(.@inputstr$); .@dap01$ = "blue fire in turtle island third floor"; .@dap02$ = "BLUE FIRE IN TURTLE ISLAND THIRD FLOOR"; if (.@inputstr$ != .@dap01$ && .@inputstr$ != .@dap02$) { @@ -1986,7 +1986,7 @@ job3_sha01,22,78,0 script ????#keybox01 CLEAR_NPC,{ mes " "; mes "And also letters. They are blinking as if waiting for a code to be input."; next; - input .@inputstr$; + input(.@inputstr$); if (.@inputstr$ == .@Codes2$[.@i] || .@inputstr$ == strtolower(.@Codes2$[.@i])) { mes "When you put the correct answer in there,"; mes "the box is opened."; @@ -2042,7 +2042,7 @@ job3_sha01,25,28,0 script ????#keybox02 CLEAR_NPC,{ next; switch(select("Input the answer.", "I can't get it.")) { case 1: - input .@input; + input(.@input); if (.@input == .@numbers[.@i]) { mes "You put 2 and "+(.@numbers[.@i]-20)+"."; mes "The box opens and you get one key."; @@ -2122,7 +2122,7 @@ job3_sha01,73,80,0 script ????#keybox03 CLEAR_NPC,{ mes "There's no code, so 1 should be A."; mes "And the answer is..."; next; - input .@inputstr$; + input(.@inputstr$); if (.@inputstr$ == "turn and shake" || .@inputstr$ == "TURN AND SHAKE") { mes "["+strcharinfo(PC_NAME)+"]"; mes "Turn... Turn... and"; diff --git a/npc/re/jobs/3-2/wanderer.txt b/npc/re/jobs/3-2/wanderer.txt index 30449e2fa..e9c88032a 100644 --- a/npc/re/jobs/3-2/wanderer.txt +++ b/npc/re/jobs/3-2/wanderer.txt @@ -252,7 +252,7 @@ xmas,132,143,5 script Performance Manager#wnd 4_M_06,{ next; mes "[" + strcharinfo(PC_NAME) + "]"; mes "It's because..."; - input .@inputstr$; + input(.@inputstr$); mes "^3131FF" + .@inputstr$ + "^000000"; mes "......"; next; diff --git a/npc/re/jobs/novice/academy.txt b/npc/re/jobs/novice/academy.txt index 3b260d3db..567a28f25 100644 --- a/npc/re/jobs/novice/academy.txt +++ b/npc/re/jobs/novice/academy.txt @@ -4513,7 +4513,7 @@ iz_ac01,68,49,3 script General Store Owner#ac 4_F_03,{ } next(); input(.@input); - if (!.@input) { + if (.@input <= 0) { mes("[Querrie]"); mes("Well, you don't need to buy it now."); mes("Use it next time."); @@ -4525,7 +4525,7 @@ iz_ac01,68,49,3 script General Store Owner#ac 4_F_03,{ mes("You can buy up to 99 at once."); close(); } - set .@cost, .@input * (BaseLevel <= 20 ? 30 : 500); + .@cost = .@input * (BaseLevel <= 20 ? 30 : 500); mes("[Querrie]"); mesf("%d combination kits will cost you %d.... zeny.", .@input, .@cost); if (Zeny < .@cost) { @@ -5945,199 +5945,199 @@ iz_ac01,69,36,3 script Otter Samssoon#ac 4W_SAILOR,{ mes("If you want to stop, say 0."); next(); input(.@style); - if (.@style > 19) { - mes("[Otter Samssoon]"); - mes("Oh my!!? Honey~ You can use a coupon for the hair style in here~"); - close(); - } else if (!.@style) { + if (.@style <= 0) { mes("[Otter Samssoon]"); mes("Did you decide? Which style??"); mes("I want to touch your hair with my hands~ Honey~"); close(); - } else { - callsub(L_cutin, .@style); + } + if (.@style > 19) { mes("[Otter Samssoon]"); - switch(.@style) { - case 1: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Play Dead' cut?"); - mes("This looks neat and relaxed.. So popular style."); - } else { - mes("Oh my!!? 'First Aid' cut?"); - mes("This is and adorable style."); - mes("I guess it looks good on you too!!"); - } - break; - case 2: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Two Handed Sword Mastery' cut?"); - mes("You... You know the famous D..? He has exactly the same style!"); - } else { - mes("Oh my!!? 'Bash' cut?"); - mes("This style gives strong curls on both side hair."); - } - break; - case 3: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Napalm Beat' cut?"); - mes("It has well arranges hair line that makes feel charisma."); - } else { - mes("Oh my!!? 'Frost Diver' cut?"); - mes("It is mysterious style that gives cold and warm feeling at the same time."); - } - break; - case 4: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Double Strafe' cut?"); - mes("Natural hair is shaking by wind.. Clean and good feeling."); - } else { - mes("Oh my!!? 'Arrow Shower' cut?"); - mes("Cool and nice shaggy cut makes good style."); - } - break; - case 5: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Angelus' cut?"); - mes("Calm and piety feeling.. Not boring style."); - } else { - mes("Oh my!!? 'Heal' cut?"); - mes("Feminine style give healing feeling."); - } - break; - case 6: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Push Cart' cut?"); - mes("Big Kar is motivated for this style with a romance of a man."); - } else { - mes("Oh my!!? 'Vending' cut?"); - mes("Royal ladies like this style. Make good money style."); - } - break; - case 7: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Envenom' cut?"); - mes("Tough style makes addicted."); - } else { - mes("Oh my!!? 'Double Attack' cut?"); - mes("Whoever will dash twice for this style."); - mes("Ponytail is important."); - } - break; - case 8: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Bowling Bash' cut?"); - mes("This style makes a nice guy to challenge."); - mes("Just a giving a glance can steal the heart."); - } else { - mes("Oh my!!? 'Gloria' cut?"); - mes("This style is ultimately gorgeous and graceful."); - } - break; - case 9: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Venom Dust' cut?"); - mes("This style has special ending line that looks fatal."); - } else { - mes("Oh my!!? 'SP Recovery' cut?"); - mes("This style has neat cutting that inspires."); - } - break; - case 10: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Turn Undead' cut?"); - mes("This style is like a cold city man who is strong enough to kill a monster."); - } else { - mes("Oh my!!? 'Prepare Potion' cut?"); - mes("This style has a liquid medicine motive so it makes feel cure."); - } - break; - case 11: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Dragonology' cut?"); - mes("This style is intelligent style of mysterious dragon."); - } else { - mes("Oh my!!? 'Grand Cross' cut?"); - mes("Well trimmed hair cut line gives trust."); - } - break; - case 12: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Mace Mastery' cut?"); - mes("Look fresh and look neat with wax treatment."); - } else { - mes("Oh my!!? 'Intimidate' cut?"); - mes("This style is very familiar."); - } - break; - case 13: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Thunder Storm' cut?"); - mes("This style has natural attractive perm which is like hitting by thunder storm."); - } else { - mes("Oh my!!? 'Spiritual Sphere"); - mes("Calm and a little bit looks like a boy cut draw attention."); - } - break; - case 14: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Encore' cut?"); - mes("Rocker's favorite style.. Even the name itself.."); - } else { - mes("Oh my!!? 'Gypsy's Kiss' cut?"); - mes("The hair.. Kind to everyone.. Neat and round hair line is very soft and charming."); - } - break; - case 15: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Grimtooth' cut?"); - mes("The style with edge."); - } else { - mes("Oh my!!? 'Counter Attack' cut?"); - mes("It is the style that looks cold and arrogant. Hard to talk to.."); - mes("But might be nice to boyfriend..?"); - } - break; - case 16: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Blitz Beat' cut?"); - mes("It is the style my senior invented after he broke up with his girlfriends 5 times."); - } else { - mes("Oh my!!? 'Anke Snare' cut?"); - mes("It is killing style.. No one can take eyes off!"); - } - break; - case 17: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Find Ore' cut?"); - mes("This style seems to bring encounter or find unexpected things while walking on the street."); - } else { - mes("Oh my!!? 'Hammer Fall' cut?"); - mes("Stunning hair with attraction."); - } - break; - case 18: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Fire Pillar' cut?"); - mes("Everyone used to have this hair style.. Which means that was a trend of an era."); - } else { - mes("Oh my!!? 'Jupitel Thunder'"); - mes("Fresh style by giving light waves on both side hairs."); - } - break; - case 19: - if (Sex == SEX_MALE) { - mes("Oh my!!? 'Guillotine Fist'"); - mes("It is like one-shot style.. Like a real man. Right?"); - } else { - mes("Oh my!!? 'Whirlwind' cut?"); - mes("It is cool style which flows with wind. Lah, lah, lah, lah ~"); - } - break; + mes("Oh my!!? Honey~ You can use a coupon for the hair style in here~"); + close(); + } + callsub(L_cutin, .@style); + mes("[Otter Samssoon]"); + switch(.@style) { + case 1: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Play Dead' cut?"); + mes("This looks neat and relaxed.. So popular style."); + } else { + mes("Oh my!!? 'First Aid' cut?"); + mes("This is and adorable style."); + mes("I guess it looks good on you too!!"); } - close2(); - cutin("", 255); - end; + break; + case 2: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Two Handed Sword Mastery' cut?"); + mes("You... You know the famous D..? He has exactly the same style!"); + } else { + mes("Oh my!!? 'Bash' cut?"); + mes("This style gives strong curls on both side hair."); + } + break; + case 3: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Napalm Beat' cut?"); + mes("It has well arranges hair line that makes feel charisma."); + } else { + mes("Oh my!!? 'Frost Diver' cut?"); + mes("It is mysterious style that gives cold and warm feeling at the same time."); + } + break; + case 4: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Double Strafe' cut?"); + mes("Natural hair is shaking by wind.. Clean and good feeling."); + } else { + mes("Oh my!!? 'Arrow Shower' cut?"); + mes("Cool and nice shaggy cut makes good style."); + } + break; + case 5: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Angelus' cut?"); + mes("Calm and piety feeling.. Not boring style."); + } else { + mes("Oh my!!? 'Heal' cut?"); + mes("Feminine style give healing feeling."); + } + break; + case 6: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Push Cart' cut?"); + mes("Big Kar is motivated for this style with a romance of a man."); + } else { + mes("Oh my!!? 'Vending' cut?"); + mes("Royal ladies like this style. Make good money style."); + } + break; + case 7: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Envenom' cut?"); + mes("Tough style makes addicted."); + } else { + mes("Oh my!!? 'Double Attack' cut?"); + mes("Whoever will dash twice for this style."); + mes("Ponytail is important."); + } + break; + case 8: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Bowling Bash' cut?"); + mes("This style makes a nice guy to challenge."); + mes("Just a giving a glance can steal the heart."); + } else { + mes("Oh my!!? 'Gloria' cut?"); + mes("This style is ultimately gorgeous and graceful."); + } + break; + case 9: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Venom Dust' cut?"); + mes("This style has special ending line that looks fatal."); + } else { + mes("Oh my!!? 'SP Recovery' cut?"); + mes("This style has neat cutting that inspires."); + } + break; + case 10: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Turn Undead' cut?"); + mes("This style is like a cold city man who is strong enough to kill a monster."); + } else { + mes("Oh my!!? 'Prepare Potion' cut?"); + mes("This style has a liquid medicine motive so it makes feel cure."); + } + break; + case 11: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Dragonology' cut?"); + mes("This style is intelligent style of mysterious dragon."); + } else { + mes("Oh my!!? 'Grand Cross' cut?"); + mes("Well trimmed hair cut line gives trust."); + } + break; + case 12: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Mace Mastery' cut?"); + mes("Look fresh and look neat with wax treatment."); + } else { + mes("Oh my!!? 'Intimidate' cut?"); + mes("This style is very familiar."); + } + break; + case 13: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Thunder Storm' cut?"); + mes("This style has natural attractive perm which is like hitting by thunder storm."); + } else { + mes("Oh my!!? 'Spiritual Sphere"); + mes("Calm and a little bit looks like a boy cut draw attention."); + } + break; + case 14: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Encore' cut?"); + mes("Rocker's favorite style.. Even the name itself.."); + } else { + mes("Oh my!!? 'Gypsy's Kiss' cut?"); + mes("The hair.. Kind to everyone.. Neat and round hair line is very soft and charming."); + } + break; + case 15: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Grimtooth' cut?"); + mes("The style with edge."); + } else { + mes("Oh my!!? 'Counter Attack' cut?"); + mes("It is the style that looks cold and arrogant. Hard to talk to.."); + mes("But might be nice to boyfriend..?"); + } + break; + case 16: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Blitz Beat' cut?"); + mes("It is the style my senior invented after he broke up with his girlfriends 5 times."); + } else { + mes("Oh my!!? 'Anke Snare' cut?"); + mes("It is killing style.. No one can take eyes off!"); + } + break; + case 17: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Find Ore' cut?"); + mes("This style seems to bring encounter or find unexpected things while walking on the street."); + } else { + mes("Oh my!!? 'Hammer Fall' cut?"); + mes("Stunning hair with attraction."); + } + break; + case 18: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Fire Pillar' cut?"); + mes("Everyone used to have this hair style.. Which means that was a trend of an era."); + } else { + mes("Oh my!!? 'Jupitel Thunder'"); + mes("Fresh style by giving light waves on both side hairs."); + } + break; + case 19: + if (Sex == SEX_MALE) { + mes("Oh my!!? 'Guillotine Fist'"); + mes("It is like one-shot style.. Like a real man. Right?"); + } else { + mes("Oh my!!? 'Whirlwind' cut?"); + mes("It is cool style which flows with wind. Lah, lah, lah, lah ~"); + } + break; } + close2(); + cutin("", 255); + end; close(); case 2: if (!countitem(Cryptura_Hair_Coupon)) { @@ -6152,15 +6152,17 @@ iz_ac01,69,36,3 script Otter Samssoon#ac 4W_SAILOR,{ mes("Pick the style from page 1 to 19."); next(); input(.@style); - if (.@style > 19) { + if (.@style <= 0) { mes("[Otter Samssoon]"); - mes("Come on.. Honey~ You can use a coupon for the hair style in here~"); + mes("Oh my!!? You do not want to?"); close(); - } else if (!.@style) { + } + if (.@style > 19) { mes("[Otter Samssoon]"); - mes("Oh my!!? You do not want to?"); + mes("Come on.. Honey~ You can use a coupon for the hair style in here~"); close(); - } else if (getlook(1) == .@style) { + } + if (getlook(1) == .@style) { mes("[Otter Samssoon]"); mes("Come on.. Honey~ That is the same style you have."); mes("Do you want to try something new?"); @@ -13114,18 +13116,19 @@ izlude,145,122,7 script Tadde#iz 4_M_04,{ mes("How many would you like? Enter '0' if you want to end."); next(); while(true) { - input(.@amount, 0, 501); - if (.@amount == 0) { + input(.@amount); + if (.@amount <= 0) { mes("[Tadde]"); mes("Trade ended."); close(); - } else if (.@amount > 500) { + } + if (.@amount > 500) { mes("[Tadde]"); mes("Please reduce your quantity to 500 or less."); next(); - } else { - break; + continue; } + break; } .@sell = .@amount * 200; .@item_weight = .@amount * 200; @@ -13150,18 +13153,19 @@ izlude,145,122,7 script Tadde#iz 4_M_04,{ mes("How many would you like? Enter '0' if you want to end."); next(); while(true) { - input(.@amount, 0, 501); - if (.@amount == 0) { + input(.@amount); + if (.@amount <= 0) { mes("[Tadde]"); mes("Trade ended."); close(); - } else if (.@amount > 500) { + } + if (.@amount > 500) { mes("[Tadde]"); mes("Please reduce your quantity to 500 or less."); next(); - } else { - break; + continue; } + break; } .@sell = .@amount * 1000; .@item_weight = .@amount * 200; -- cgit v1.2.3-60-g2f50