Settings: Sanitize setting name everywhere, not just LuaSettings

master
kwolekr 2014-12-09 23:52:13 -05:00
parent d50878d608
commit 88c28414f4
4 changed files with 12 additions and 14 deletions

View File

@ -73,7 +73,7 @@ int LuaSettings::l_set(lua_State* L)
std::string key = std::string(luaL_checkstring(L, 2));
const char* value = luaL_checkstring(L, 3);
o->m_settings->set(Settings::sanitizeString(key), value);
o->m_settings->set(key, value);
return 1;
}

View File

@ -63,16 +63,6 @@ Settings & Settings::operator = (const Settings &other)
}
std::string Settings::sanitizeString(const std::string &value)
{
std::string str = value;
for (const char *s = "\t\n\v\f\r\b =\""; *s; s++)
str.erase(std::remove(str.begin(), str.end(), *s), str.end());
return str;
}
std::string Settings::getMultiline(std::istream &is, size_t *num_lines)
{
size_t lines = 1;
@ -689,10 +679,16 @@ void Settings::setEntry(const std::string &name, const void *data,
{
Settings *old_group = NULL;
// Strip any potentially dangerous characters from the name (note the value
// has no such restrictions)
std::string n(name);
for (const char *s = "\t\n\v\f\r\b =\""; *s; s++)
n.erase(std::remove(n.begin(), n.end(), *s), n.end());
{
JMutexAutoLock lock(m_mutex);
SettingsEntry &entry = set_default ? m_defaults[name] : m_settings[name];
SettingsEntry &entry = set_default ? m_defaults[n] : m_settings[n];
old_group = entry.group;
entry.value = set_group ? "" : *(const std::string *)data;

View File

@ -55,6 +55,7 @@ struct ValueSpec {
type = a_type;
help = a_help;
}
ValueType type;
const char *help;
};
@ -112,7 +113,6 @@ public:
const std::string &end, u32 tab_depth=0);
static std::string getMultiline(std::istream &is, size_t *num_lines=NULL);
static std::string sanitizeString(const std::string &value);
static void printEntry(std::ostream &os, const std::string &name,
const SettingsEntry &entry, u32 tab_depth=0);

View File

@ -531,7 +531,9 @@ struct TestSettings: public TestBase
group2->setS16("num_oranges", 53);
group2->setGroup("animals", group3);
group2->set("animals", "cute"); //destroys group 3
s.setGroup("groupy_thing", group2);
// the bad chars in here should be stripped
s.setGroup("groupy \"_\" thing", group2);
// Test multiline settings
UASSERT(group->get("ccc") == "testy\n testa ");