<URL: http://bugs.freeciv.org/Ticket/Display.html?id=7414 >

Ciaran Mac Lochlainn <[EMAIL PROTECTED]>:
> This patch tightens up the validation of boolean and integer server
> parameters. It also adds a validation function for the endyear
> parameter, which will only allow values of endyear which are greater
> than game.year.

> With this patch, boolean server parameters must not contain any
> characters other than 0 and 1. Integer server parameters can only
> contain +- and 0-9.

 Patch updated to svn. Style fixes.


 - ML

diff -Nurd -X.diff_ignore freeciv/server/settings.c freeciv/server/settings.c
--- freeciv/server/settings.c	2007-01-13 03:18:47.000000000 +0200
+++ freeciv/server/settings.c	2007-01-15 05:18:35.000000000 +0200
@@ -148,6 +148,19 @@
 }
 
 /*************************************************************************
+  Verify that a given endyear is valid.
+*************************************************************************/
+static bool endyear_callback(int value, const char **error_string)
+{
+  if (value < game.info.year) {
+    /* Tried to set endyear earlier than current year */
+    *error_string = _("Cannot set endyear earlier than current year.");
+    return FALSE;
+  }
+  return TRUE;
+}
+
+/*************************************************************************
   Verify that a given maxplayers string is valid.
 *************************************************************************/
 static bool maxplayers_callback(int value, const char **error_string)
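Review bot: The comparison in endyear_callback, `if (value < game.info.year)`, accepts an endyear equal to the current year, while the patch description says only values greater than the current year are allowed. If the description states the intended rule, the test should be `if (value <= game.info.year) {` with the error string adjusted to match. If the code is right, the header comment can state the rule precisely, e.g. `Verify that a given endyear is not earlier than the current game year.` The inner comment `/* Tried to set endyear earlier than current year */` only repeats the error string and can be dropped.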
@@ -839,9 +852,10 @@
 
   GEN_INT("endyear", game.info.end_year,
 	  SSET_META, SSET_SOCIOLOGY, SSET_VITAL, SSET_TO_CLIENT,
-	  N_("Year the game ends"), 
-	  N_("The game will end at the end of the given year."), NULL,
-	  GAME_MIN_END_YEAR, GAME_MAX_END_YEAR, GAME_DEFAULT_END_YEAR)
+	  N_("Year the game ends"),
+          N_("The game will end at the end of the given year."),
+          endyear_callback,
+          GAME_MIN_END_YEAR, GAME_MAX_END_YEAR, GAME_DEFAULT_END_YEAR)
 
   GEN_INT("timeout", game.info.timeout,
 	  SSET_META, SSET_INTERNAL, SSET_VITAL, SSET_TO_CLIENT,
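Review bot: The extended help for endyear still reads only `N_("The game will end at the end of the given year.")`, so the rule enforced by the new callback stays invisible until a set attempt fails. Consider appending a sentence such as `It cannot be set earlier than the current game year.` to that string. The three re-indented argument lines use spaces where the neighbouring lines of the table use tabs; matching the surrounding tabs keeps the entry aligned with its siblings. The settings table itself starts and ends outside the hunk.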
diff -Nurd -X.diff_ignore freeciv/server/stdinhand.c freeciv/server/stdinhand.c
--- freeciv/server/stdinhand.c	2007-01-10 18:13:41.000000000 +0200
+++ freeciv/server/stdinhand.c	2007-01-15 05:32:12.000000000 +0200
@@ -2424,7 +2424,7 @@
 static bool set_command(struct connection *caller, char *str, bool check)
 {
   char command[MAX_LEN_CONSOLE_LINE], arg[MAX_LEN_CONSOLE_LINE], *cptr_s, *cptr_d;
-  int val, cmd;
+  int val, cmd, i;
   struct settings_s *op;
   bool do_update;
   char buffer[500];
@@ -2481,7 +2481,20 @@
     if (sscanf(arg, "%d", &val) != 1) {
       cmd_reply(CMD_SET, caller, C_SYNTAX, _("Value must be an integer."));
       return FALSE;
-    } else if (val != 0 && val != 1) {
+    }
+    /* make sure the input string only contains digits */
+    for (i = 0;; i++) {
+      if (arg[i] == '\0' ) {
+        break;
+      }
+      if (arg[i] < '0' || arg[i] > '1') {
+        cmd_reply(CMD_SET, caller, C_SYNTAX,
+                  _("The parameter %s should only contain digits 0-1."),
+                  op->name);
+        return FALSE;
+      }
+    }
+    if (val != 0 && val != 1) {
       cmd_reply(CMD_SET, caller, C_SYNTAX,
 		_("Value out of range (minimum: 0, maximum: 1)."));
       return FALSE;
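Review bot: The new character loop runs after `sscanf(arg, "%d", &val)`, so an arbitrarily long run of digits is still converted before anything rejects it, and a `%d` conversion whose result does not fit in an int has undefined behaviour in C; on common libraries the value wraps or saturates, which can let an out-of-range string through as an in-range number. The same ordering is in the integer branch of the following hunk, and set_command appears to receive this string from a client connection (`caller`), so the value should be treated as untrusted. I would run the character check first and then parse with strtol, checking the end pointer and `errno == ERANGE`, as sketched below. That needs `long parsed; char *end;` declared beside `i` and `<errno.h>` included, both outside this hunk, as are the start and end of set_command.

```c
    /* … unchanged: the 0-1 character loop from this hunk, moved ahead of the parse … */
    errno = 0;
    parsed = strtol(arg, &end, 10);
    if (end == arg || *end != '\0') {
      cmd_reply(CMD_SET, caller, C_SYNTAX, _("Value must be an integer."));
      return FALSE;
    }
    /* ERANGE means the digits did not fit in a long; treat it as out of range */
    if (errno == ERANGE || (parsed != 0 && parsed != 1)) {
      cmd_reply(CMD_SET, caller, C_SYNTAX,
                _("Value out of range (minimum: 0, maximum: 1)."));
      return FALSE;
    }
    val = (int) parsed;
```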
@@ -2507,7 +2520,21 @@
     if (sscanf(arg, "%d", &val) != 1) {
       cmd_reply(CMD_SET, caller, C_SYNTAX, _("Value must be an integer."));
       return FALSE;
-    } else if (val < op->int_min_value || val > op->int_max_value) {
+    }
+	/* make sure the input string only contains digits */
+    for (i = 0;; i++) {
+      if (arg[i] == '\0' ) {
+        break;
+      }
+      if ((arg[i] < '0' || arg[i] > '9')
+	  && (i != 0 || (arg[i] != '-' && arg[i] != '+'))) {
+        cmd_reply(CMD_SET, caller, C_SYNTAX,
+                  _("The parameter %s should only contain +- and 0-9."),
+                  op->name);
+        return FALSE;
+      }
+    }
+    if (val < op->int_min_value || val > op->int_max_value) {
       cmd_reply(CMD_SET, caller, C_SYNTAX,
 		_("Value out of range (minimum: %d, maximum: %d)."),
 		op->int_min_value, op->int_max_value);
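Review bot: The validation loop here is a second copy of the one added to the boolean branch, differing only in the accepted character set, so a shared static helper taking the string and a flag for the leading sign would keep the two from drifting apart. Its comment, `/* make sure the input string only contains digits */`, is indented with a tab unlike the code it precedes and does not mention the sign; `/* Allow only an optional leading sign followed by digits 0-9 */` matches the condition. The open-ended `for (i = 0;; i++)` with an inner `break` reads more directly as `for (i = 0; arg[i] != '\0'; i++)`. The enclosing set_command continues outside the hunk.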