Reject more invalid usernames from clients.

Specifically this should cover people connecting with a username of
"\u200C"
Daenyth
2012-07-25 00:08:28 -04:00
parent ba5669652c
commit af09d0d294
8 changed files with 33 additions and 7 deletions


@@ -73,6 +73,21 @@ bool Servatrice_DatabaseInterface::execSqlQuery(QSqlQuery &query)
return false;
}
bool Servatrice_DatabaseInterface::usernameIsValid(const QString &user)
{
QString result;
result.reserve(user.size());
foreach (const QChar& c, user) {
switch (c.category()) {
// TODO: Figure out exactly which categories are OK and not
case QChar::Other_Control: break;
default: result += c;
}
}
result = result.trimmed();
return (result.size() > 0);
}
AuthenticationResult Servatrice_DatabaseInterface::checkUserPassword(Server_ProtocolHandler *handler, const QString &user, const QString &password, QString &reasonStr, int &banSecondsLeft)
{
switch (server->getAuthenticationMethod()) {
@@ -80,6 +95,9 @@ AuthenticationResult Servatrice_DatabaseInterface::checkUserPassword(Server_Prot
case Servatrice::AuthenticationSql: {
if (!checkSql())
return UnknownUser;
if (!usernameIsValid(user))
return UsernameInvalid;
QSqlQuery ipBanQuery(sqlDatabase);
ipBanQuery.prepare("select time_to_sec(timediff(now(), date_add(b.time_from, interval b.minutes minute))), b.minutes <=> 0, b.visible_reason from " + server->getDbPrefix() + "_bans b where b.time_from = (select max(c.time_from) from " + server->getDbPrefix() + "_bans c where c.ip_address = :address) and b.ip_address = :address2");
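Review bot: In `usernameIsValid` (first hunk) the switch drops only `QChar::Other_Control`, but U+200C, the character named in the commit message, belongs to the Unicode format category (`QChar::Other_Format`) and is not whitespace, so it survives both the filter and `trimmed()`, and a name consisting only of it is still accepted. Extending the case list to `case QChar::Other_Control: case QChar::Other_Format: break;` would cover it and settle part of the TODO. Separately, the function strips these characters only to test for emptiness, so a name that mixes visible text with invisible characters still passes and can render identically to another user's name; returning `false` on the first disallowed character would reject those as well. The new check is called only in the `AuthenticationSql` branch of the second hunk, and whether the other authentication methods need it cannot be seen from the lines shown.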