prevent abuse by ending netname with a ^: if the name is not a valid colored string...

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@7190 d7cf8633-e32d-0410-b094-e92efae38249

diff --git a/host_cmd.c b/host_cmd.c
index 07c92aa22b8f7b904e0c169f9750e0c9fee37c08..de921fdf8fe306503af1724db6970c00470a6393 100644 (file)
--- a/host_cmd.c
+++ b/host_cmd.c
@@ -737,6 +737,7 @@ cvar_t cl_name = {CVAR_SAVE | CVAR_NQUSERINFOHACK, "_cl_name", "player", "intern
 void Host_Name_f (void)
 {
        int i, j;
+       qboolean valid_colors;
        char newName[sizeof(host_client->name)];
 
        if (Cmd_Argc () == 1)
@@ -771,6 +772,27 @@ void Host_Name_f (void)
 
        // point the string back at updateclient->name to keep it safe
        strlcpy (host_client->name, newName, sizeof (host_client->name));
+
+       COM_StringLengthNoColors(host_client->name, &valid_colors);
+       if(!valid_colors) // NOTE: this also proves the string is not empty, as "" is a valid colored string
+       {
+               size_t l;
+               l = strlen(host_client->name);
+               if(l < sizeof(host_client->name) - 1)
+               {
+                       // duplicate the color tag to escape it
+                       host_client->name[i] = STRING_COLOR_TAG;
+                       host_client->name[i+1] = 0;
+                       //Con_DPrintf("abuse detected, adding another trailing color tag\n");
+               }
+               else
+               {
+                       // remove the last character to fix the color code
+                       host_client->name[l-1] = 0;
+                       //Con_DPrintf("abuse detected, removing a trailing color tag\n");
+               }
+       }
+
        host_client->edict->fields.server->netname = PRVM_SetEngineString(host_client->name);
        if (strcmp(host_client->old_name, host_client->name))
        {