Core/Ticket: Validate Hyperlinks in ticket contents. Closes #22408.

2026-01-16 07:30:42 +01:00 · 2018-09-13 14:49:45 +02:00
parent 2c98bf5b1e
commit 2a531eee68
1 changed files with 27 additions and 0 deletions
--- a/src/server/game/Handlers/TicketHandler.cpp
+++ b/src/server/game/Handlers/TicketHandler.cpp
@@ -20,6 +20,7 @@
 #include "Common.h"
 #include "DatabaseEnv.h"
 #include "GameTime.h"
+#include "Hyperlinks.h"
 #include "Language.h"
 #include "Log.h"
 #include "ObjectMgr.h"
@@ -32,6 +33,21 @@
 #include "WorldPacket.h"
 #include <zlib.h>

+#define ValidateLinksAndMaybeKick(str)                                                                              \
+{                                                                                                                   \
+    if (!Trinity::Hyperlinks::ValidateLinks(str))                                                                   \
+    {                                                                                                               \
+        TC_LOG_ERROR("network", "Player %s (GUID: %u) tried to add an invalid link to a GM ticket - corrected",     \
+            GetPlayer()->GetName().c_str(), GetPlayer()->GetGUID().GetCounter());                                   \
+                                                                                                                    \
+        if (sWorld->getIntConfig(CONFIG_CHAT_STRICT_LINK_CHECKING_KICK))                                            \
+        {                                                                                                           \
+            KickPlayer();                                                                                           \
+            return;                                                                                                 \
+        }                                                                                                           \
+    }                                                                                                               \
+}
+
 void WorldSession::HandleGMTicketCreateOpcode(WorldPacket& recvData)
 {
    // Don't accept tickets if the ticket queue is disabled. (Ticket UI is greyed out but not fully dependable)
@@ -67,6 +83,8 @@ void WorldSession::HandleGMTicketCreateOpcode(WorldPacket& recvData)
        recvData >> x >> y >> z;
        recvData >> message;

+        ValidateLinksAndMaybeKick(message);
+
        recvData >> needResponse;
        recvData >> needMoreHelp;

@@ -108,7 +126,10 @@ void WorldSession::HandleGMTicketCreateOpcode(WorldPacket& recvData)
        ticket->SetGmAction(needResponse, needMoreHelp);

        if (!chatLog.empty())
+        {
+            ValidateLinksAndMaybeKick(chatLog);
            ticket->SetChatLog(times, chatLog);
+        }

        sTicketMgr->AddTicket(ticket);
        sTicketMgr->UpdateLastChange();
@@ -128,6 +149,8 @@ void WorldSession::HandleGMTicketUpdateOpcode(WorldPacket& recvData)
    std::string message;
    recvData >> message;

+    ValidateLinksAndMaybeKick(message);
+
    GMTicketResponse response = GMTICKET_RESPONSE_UPDATE_ERROR;
    if (GmTicket* ticket = sTicketMgr->GetTicketByPlayer(GetPlayer()->GetGUID()))
    {
@@ -210,6 +233,8 @@ void WorldSession::HandleGMSurveySubmit(WorldPacket& recvData)
        if (!surveyIds.insert(subSurveyId).second)
            continue;

+        ValidateLinksAndMaybeKick(comment);
+
        PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_INS_GM_SUBSURVEY);
        stmt->setUInt32(0, nextSurveyID);
        stmt->setUInt32(1, subSurveyId);
@@ -221,6 +246,8 @@ void WorldSession::HandleGMSurveySubmit(WorldPacket& recvData)
    std::string comment; // just a guess
    recvData >> comment;

+    ValidateLinksAndMaybeKick(comment);
+
    PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_INS_GM_SURVEY);
    stmt->setUInt32(0, GetPlayer()->GetGUID().GetCounter());
    stmt->setUInt32(1, nextSurveyID);