diff options
| author | Treeston <treeston.mmoc@gmail.com> | 2018-09-13 14:49:45 +0200 |
|---|---|---|
| committer | Treeston <treeston.mmoc@gmail.com> | 2018-09-13 14:49:45 +0200 |
| commit | 2a531eee68e336f84faffe1f1f4cbcc5a115ca8c (patch) | |
| tree | d075a7af90e800eb7c95a418fa55a1828bb5b273 /src | |
| parent | 2c98bf5b1ed5815c9736aba82b0e6a5ed8e88a4f (diff) | |
Core/Ticket: Validate Hyperlinks in ticket contents. Closes #22408.
Diffstat (limited to 'src')
| -rw-r--r-- | src/server/game/Handlers/TicketHandler.cpp | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/server/game/Handlers/TicketHandler.cpp b/src/server/game/Handlers/TicketHandler.cpp index 7fd6ff49f1e..426795cd7f0 100644 --- a/src/server/game/Handlers/TicketHandler.cpp +++ b/src/server/game/Handlers/TicketHandler.cpp @@ -20,6 +20,7 @@ #include "Common.h" #include "DatabaseEnv.h" #include "GameTime.h" +#include "Hyperlinks.h" #include "Language.h" #include "Log.h" #include "ObjectMgr.h" @@ -32,6 +33,21 @@ #include "WorldPacket.h" #include <zlib.h> +#define ValidateLinksAndMaybeKick(str) \ +{ \ + if (!Trinity::Hyperlinks::ValidateLinks(str)) \ + { \ + TC_LOG_ERROR("network", "Player %s (GUID: %u) tried to add an invalid link to a GM ticket - corrected", \ + GetPlayer()->GetName().c_str(), GetPlayer()->GetGUID().GetCounter()); \ + \ + if (sWorld->getIntConfig(CONFIG_CHAT_STRICT_LINK_CHECKING_KICK)) \ + { \ + KickPlayer(); \ + return; \ + } \ + } \ +} + void WorldSession::HandleGMTicketCreateOpcode(WorldPacket& recvData) { // Don't accept tickets if the ticket queue is disabled. (Ticket UI is greyed out but not fully dependable) @@ -67,6 +83,8 @@ void WorldSession::HandleGMTicketCreateOpcode(WorldPacket& recvData) recvData >> x >> y >> z; recvData >> message; + ValidateLinksAndMaybeKick(message); + recvData >> needResponse; recvData >> needMoreHelp; @@ -108,7 +126,10 @@ void WorldSession::HandleGMTicketCreateOpcode(WorldPacket& recvData) ticket->SetGmAction(needResponse, needMoreHelp); if (!chatLog.empty()) + { + ValidateLinksAndMaybeKick(chatLog); ticket->SetChatLog(times, chatLog); + } sTicketMgr->AddTicket(ticket); sTicketMgr->UpdateLastChange(); @@ -128,6 +149,8 @@ void WorldSession::HandleGMTicketUpdateOpcode(WorldPacket& recvData) std::string message; recvData >> message; + ValidateLinksAndMaybeKick(message); + GMTicketResponse response = GMTICKET_RESPONSE_UPDATE_ERROR; if (GmTicket* ticket = sTicketMgr->GetTicketByPlayer(GetPlayer()->GetGUID())) { @@ -210,6 +233,8 @@ void WorldSession::HandleGMSurveySubmit(WorldPacket& recvData) if (!surveyIds.insert(subSurveyId).second) continue; + ValidateLinksAndMaybeKick(comment); + PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_INS_GM_SUBSURVEY); stmt->setUInt32(0, nextSurveyID); stmt->setUInt32(1, subSurveyId); @@ -221,6 +246,8 @@ void WorldSession::HandleGMSurveySubmit(WorldPacket& recvData) std::string comment; // just a guess recvData >> comment; + ValidateLinksAndMaybeKick(comment); + PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_INS_GM_SURVEY); stmt->setUInt32(0, GetPlayer()->GetGUID().GetCounter()); stmt->setUInt32(1, nextSurveyID); |