Don't let users inject replacement macros into their preferences,
just escape them so they're harmless. Also adjust the preferences
tests to include macros so this safety measure does not regress.
def preferences(actor, parameters):
"""List, view and change actor preferences."""
def preferences(actor, parameters):
"""List, view and change actor preferences."""
+
+ # Escape replacement macros in preferences
+ parameters = mudpy.misc.escape_macros(parameters)
+
message = ""
arguments = parameters.split()
allowed_prefs = set()
message = ""
arguments = parameters.split()
allowed_prefs = set()
test_preferences = (
(0, "> ", "preferences"),
test_preferences = (
(0, "> ", "preferences"),
- (0, r"prompt \x1b\[32m.*> ", "preferences prompt #"),
- (0, r"# ", "preferences prompt"),
- (0, r"#.*# ", "preferences prompt >"),
+ (0, r"prompt \x1b\[32m.*> ", "preferences prompt $(foo)"),
+ (0, r"\$\(foo\) ", "preferences prompt"),
+ (0, r"\$\(foo\).*\$\(foo\) ", "preferences prompt >"),
(2, "> ", "preferences loglevel 0"),
(2, "> ", "preferences"),
(2, r"loglevel \x1b\[32m0\x1b\[0m.*> ", "preferences loglevel zero"),
(2, "> ", "preferences loglevel 0"),
(2, "> ", "preferences"),
(2, r"loglevel \x1b\[32m0\x1b\[0m.*> ", "preferences loglevel zero"),