From efd432afb8a6b18444b70068fe1dd147cbb0f157 Mon Sep 17 00:00:00 2001
From: Agent X <44549182+AgentXLP@users.noreply.github.com>
Date: Sun, 19 May 2024 12:31:35 -0400
Subject: [PATCH] Fix a Security Concern

---
 src/pc/djui/djui_panel_player.c | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/src/pc/djui/djui_panel_player.c b/src/pc/djui/djui_panel_player.c
index ead66f8b..2169450a 100644
--- a/src/pc/djui/djui_panel_player.c
+++ b/src/pc/djui/djui_panel_player.c
@@ -124,12 +124,25 @@ static bool djui_panel_player_edit_palette_preset_name_valid(char* buffer) {
     if (buffer[0] == '\0') { return false; }
     char* c = buffer;
     while (*c != '\0') {
+        if (*c == '/' || *c == '\\') { return false; }
         if (!djui_unicode_valid_char(c)) { return false; }
         c = djui_unicode_next_char(c);
     }
     return true;
 }
 
+static char* djui_panel_player_edit_palette_preset_name_get_text(void) {
+    char* name = "Unnamed";
+    if (gPresetPaletteCount > 0) {
+        for (int i = 0; i < gPresetPaletteCount; i++) {
+            if (memcmp(&configPlayerPalette, &gPresetPalettes[i].palette, sizeof(struct PlayerPalette)) == 0) {
+                name = gPresetPalettes[i].name;
+            }
+        }
+    }
+    return name;
+}
+
 static void djui_panel_player_edit_palette_preset_name_text_change(struct DjuiBase* caller) {
     struct DjuiInputbox* inputbox1 = (struct DjuiInputbox*)caller;
     if (djui_panel_player_edit_palette_preset_name_valid(inputbox1->buffer)) {
@@ -142,7 +155,7 @@ static void djui_panel_player_edit_palette_preset_name_text_change(struct DjuiBa
 static void djui_panel_player_edit_palette_preset_name_on_focus_end(struct DjuiBase* caller) {
     struct DjuiInputbox* inputbox1 = (struct DjuiInputbox*)caller;
     if (!djui_panel_player_edit_palette_preset_name_valid(inputbox1->buffer)) {
-        djui_inputbox_set_text(inputbox1, "Unnamed");
+        djui_inputbox_set_text(inputbox1, djui_panel_player_edit_palette_preset_name_get_text());
     }
     djui_inputbox_set_text_color(inputbox1, 0, 0, 0, 255);
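Review bot: The added check in the `while` loop rejects only `/` and `\`, so the names `.` and `..` still pass `_valid`; if the preset name ends up as a file-system path component, as rejecting separators suggests, those two would refer to a directory rather than a preset file. Adding `if (strcmp(buffer, ".") == 0 || strcmp(buffer, "..") == 0) { return false; }` before the loop closes that gap (`memcmp` is already used in this hunk, so `<string.h>` is presumably in scope). The new line also carries no explanation of why separators are special; a comment such as `// preset names become file names: reject path separators` above it would record the intent for the next reader. Note that `_valid`'s signature sits in the hunk header before the first hunk line, and the `_text_change` function at the bottom continues past the hunk's last line.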
@@ -184,7 +197,6 @@ static void djui_panel_player_edit_palette_destroy(struct DjuiBase* caller) {
     } else if (gDjuiPanelPauseCreated) {
         djui_panel_shutdown();
         djui_panel_pause_create(NULL);
-        djui_panel_options_create(NULL);
         djui_panel_player_create(NULL);
     }
     return;
@@ -254,16 +266,8 @@ static void djui_panel_player_edit_palette_create(struct DjuiBase* caller) {
     djui_base_set_alignment(&text1->base, DJUI_HALIGN_LEFT, DJUI_VALIGN_TOP);
     djui_text_set_drop_shadow(text1, 64, 64, 64, 100);
 
-    char* name = "Unnamed";
-    if (gPresetPaletteCount > 0) {
-        for (int i = 0; i < gPresetPaletteCount; i++) {
-            if (memcmp(&configPlayerPalette, &gPresetPalettes[i].palette, sizeof(struct PlayerPalette)) == 0) {
-                name = gPresetPalettes[i].name;
-            }
-        }
-    }
     sPalettePresetNameTextBox = djui_inputbox_create(&rect2->base, 32);
-    djui_inputbox_set_text(sPalettePresetNameTextBox, name);
+    djui_inputbox_set_text(sPalettePresetNameTextBox, djui_panel_player_edit_palette_preset_name_get_text());
     djui_base_set_size_type(&sPalettePresetNameTextBox->base, DJUI_SVT_RELATIVE, DJUI_SVT_ABSOLUTE);
     djui_base_set_size(&sPalettePresetNameTextBox->base, 0.45f, 32);
     djui_base_set_alignment(&sPalettePresetNameTextBox->base, DJUI_HALIGN_RIGHT, DJUI_VALIGN_TOP);
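Review bot: The text placed into `sPalettePresetNameTextBox` by the new `_get_text()` call is `gPresetPalettes[i].name` taken as-is, and nothing in this commit runs that stored name through `_valid`; a preset whose name would now fail the separator check (for example one recorded before this change, if presets are persisted — not visible here) is still displayed, and `_on_focus_end`, which now also falls back to `_get_text()`, would reset a rejected edit to that same unvalidated name. Guarding the lookup inside `_get_text` with `if (djui_panel_player_edit_palette_preset_name_valid(gPresetPalettes[i].name)) { name = gPresetPalettes[i].name; }` keeps the `"Unnamed"` fallback for such entries. `djui_panel_player_edit_palette_create` begins and ends outside this hunk.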