projects / mudpy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9ea1249)
Escape replacement macros in preferences
authorJeremy Stanley <fungi@yuggoth.org>
Sun, 5 May 2019 20:37:43 +0000 (20:37 +0000)
committerJeremy Stanley <fungi@yuggoth.org>
Sun, 5 May 2019 20:37:43 +0000 (20:37 +0000)
Don't let users inject replacement macros into their preferences,
just escape them so they're harmless. Also adjust the preferences
tests to include macros so this safety measure does not regress.

mudpy/command.py patch | blob | history
mudpy/tests/selftest.py patch | blob | history

diff --git a/mudpy/command.py b/mudpy/command.py
index ebd9036..1138aa8 100644 (file)
--- a/mudpy/command.py
+++ b/mudpy/command.py
@@ -237,6 +237,10 @@ def move(actor, parameters):
 
 def preferences(actor, parameters):
     """List, view and change actor preferences."""
+
+    # Escape replacement macros in preferences
+    parameters = mudpy.misc.escape_macros(parameters)
+
     message = ""
     arguments = parameters.split()
     allowed_prefs = set()
diff --git a/mudpy/tests/selftest.py b/mudpy/tests/selftest.py
index 2325f62..d98755a 100644 (file)
--- a/mudpy/tests/selftest.py
+++ b/mudpy/tests/selftest.py
@@ -165,9 +165,9 @@ test_admin_setup = (
 
 test_preferences = (
     (0, "> ", "preferences"),
-    (0, r"prompt \x1b\[32m.*> ", "preferences prompt #"),
-    (0, r"# ", "preferences prompt"),
-    (0, r"#.*# ", "preferences prompt >"),
+    (0, r"prompt \x1b\[32m.*> ", "preferences prompt $(foo)"),
+    (0, r"\$\(foo\) ", "preferences prompt"),
+    (0, r"\$\(foo\).*\$\(foo\) ", "preferences prompt >"),
     (2, "> ", "preferences loglevel 0"),
     (2, "> ", "preferences"),
     (2, r"loglevel \x1b\[32m0\x1b\[0m.*> ", "preferences loglevel zero"),
The mudpy MUD server engine.