Settings: Sanitize value for multiline terminator tokens

minetest · Dec 12, 2014 · b0c4fd6 · b0c4fd6
1 parent f114fc7
commit b0c4fd6
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 6 deletions.
diff --git a/src/settings.cpp b/src/settings.cpp
@@ -63,6 +63,32 @@ Settings & Settings::operator = (const Settings &other)
 }
 
 
+std::string Settings::sanitizeName(const std::string &name)
+{
+	std::string n(name);
+
+	for (const char *s = "\t\n\v\f\r\b =\"{}#"; *s; s++)
+		n.erase(std::remove(n.begin(), n.end(), *s), n.end());
+
+	return n;
+}
+
+
+std::string Settings::sanitizeValue(const std::string &value)
+{
+	std::string v(value);
+	size_t p = 0;
+
+	if (v.substr(0, 3) == "\"\"\"")
+		v.erase(0, 3);
+
+	while ((p = v.find("\n\"\"\"")) != std::string::npos)
+		v.erase(p, 4);
+
+	return v;
+}
+
+
 std::string Settings::getMultiline(std::istream &is, size_t *num_lines)
 {
 	size_t lines = 1;
@@ -683,19 +709,15 @@ void Settings::setEntry(const std::string &name, const void *data,
 {
 	Settings *old_group = NULL;
 
-	// Strip any potentially dangerous characters from the name (note the value
-	// has no such restrictions)
-	std::string n(name);
-	for (const char *s = "\t\n\v\f\r\b =\""; *s; s++)
-		n.erase(std::remove(n.begin(), n.end(), *s), n.end());
+	std::string n = sanitizeName(name);
 
 	{
 		JMutexAutoLock lock(m_mutex);
 
 		SettingsEntry &entry = set_default ? m_defaults[n] : m_settings[n];
 		old_group = entry.group;
 
-		entry.value    = set_group ? "" : *(const std::string *)data;
+		entry.value    = set_group ? "" : sanitizeValue(*(const std::string *)data);
 		entry.group    = set_group ? *(Settings **)data : NULL;
 		entry.is_group = set_group;
 	}

diff --git a/src/settings.h b/src/settings.h
@@ -112,6 +112,8 @@ class Settings {
 	bool updateConfigObject(std::istream &is, std::ostream &os,
 		const std::string &end, u32 tab_depth=0);
 
+	static std::string sanitizeName(const std::string &name);
+	static std::string sanitizeValue(const std::string &value);
 	static std::string getMultiline(std::istream &is, size_t *num_lines=NULL);
 	static void printEntry(std::ostream &os, const std::string &name,
 		const SettingsEntry &entry, u32 tab_depth=0);