Notabilis has proposed merging 
lp:~widelands-dev/widelands/bug-1784200-single-line-escaping into lp:widelands.

Commit message:
More strict sanitizing of chat messages. Printing a welcome message on joining 
the metaserver.

Requested reviews:
  GunChleoc (gunchleoc)
Related bugs:
  Bug #1784200 in widelands: "clash with font renderer and server messages?"
  https://bugs.launchpad.net/widelands/+bug/1784200

For more details, see:
https://code.launchpad.net/~widelands-dev/widelands/bug-1784200-single-line-escaping/+merge/353446

More strict sanitizing of chat messages to avoid future bugs with formatted 
text. All characters are now displayed as they are entered and are no longer 
interpreted as richtext.

Also, printing a message when joining the metaserver lobby, similar to the 
previous message sent by the metaserver.
-- 
Your team Widelands Developers is subscribed to branch 
lp:~widelands-dev/widelands/bug-1784200-single-line-escaping.
=== modified file 'src/network/internet_gaming.cc'
--- src/network/internet_gaming.cc	2018-05-03 14:24:27 +0000
+++ src/network/internet_gaming.cc	2018-08-20 19:15:14 +0000
@@ -367,6 +367,7 @@
 
 		} else if (cmd == IGPCMD_LOGIN) {
 			// Clients request to login was granted
+			format_and_add_chat("", "", true, _("Welcome on the Widelands Metaserver!"));
 			const std::string assigned_name = packet.string();
 			if (clientname_ != assigned_name) {
 				format_and_add_chat(
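Review bot: The added welcome string reads "Welcome on the Widelands Metaserver!"; "Welcome to the Widelands Metaserver!" is the idiomatic wording, and because the string goes through _() it is cheaper to fix before translators pick it up. The line is also emitted before the clientname_ != assigned_name check, so a user whose name was changed sees the welcome first and the chat message about the name second; confirm that ordering is intended.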
@@ -383,6 +384,10 @@
 				reg_ = false;
 				authenticator_ = crypto::sha1(clientname_ + authenticator_);
 			}
+			format_and_add_chat("", "", true, _("Our forums can be found at:"));
+			format_and_add_chat("", "", true, _("https://wl.widelands.org/forum/";));
+			format_and_add_chat("", "", true, _("Please report bugs at:"));
+			format_and_add_chat("", "", true, _("https://launchpad.net/widelands";));
 			state_ = LOBBY;
 			log("InternetGaming: Client %s logged in.\n", clientname_.c_str());
 			return;
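Review bot: The two URL lines wrap the addresses in _(), which puts https://wl.widelands.org/forum/ and https://launchpad.net/widelands into the translation catalogue where a locale file can change them; pass the URLs as plain string literals and keep _() only for "Our forums can be found at:" and "Please report bugs at:". As the lines appear here there is also a `;` between the closing quote and the closing parenthesis of _() on both URL lines, which would not compile, so compare this rendering against the branch.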

=== modified file 'src/wui/chat_msg_layout.cc'
--- src/wui/chat_msg_layout.cc	2018-04-07 16:59:00 +0000
+++ src/wui/chat_msg_layout.cc	2018-08-20 19:15:14 +0000
@@ -46,7 +46,7 @@
 	const std::string& font_face = "serif";
 	std::string message = "<p><font color=33ff33 size=9>";
 
-	std::string sanitized = sanitize_message(chat_message);
+	std::string sanitized = richtext_escape(chat_message.msg);
 
 	// time calculation
 	char ts[13];
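Review bot: Check every caller that puts markup into the text of a system message before this lands: with richtext_escape(chat_message.msg) applied unconditionally, the `<br>` and `</p><p` sequences that sanitize_message() let through for messages with playern < 0 are now shown literally. The login notices added in internet_gaming.cc are sent as one format_and_add_chat call per line, which is the pattern any remaining multi-line notice has to follow.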
@@ -99,49 +99,3 @@
 	// return the formated message
 	return message + "</font><br></p>";
 }
-
-std::string sanitize_message(const ChatMessage& chat_message) {
-	// Escape richtext characters
-	// The goal of this code is two-fold:
-	//  1. Assuming an honest game host, we want to prevent the ability of
-	//     clients to use richtext.
-	//  2. Assuming a malicious host or meta server, we want to reduce the
-	//     likelihood that a bug in the richtext renderer can be exploited,
-	//     by restricting the set of allowed richtext commands.
-	//     Most notably, images are not allowed in richtext at all.
-	//
-	// Note that we do want host and meta server to send some richtext code,
-	// as the ability to send formatted commands is nice for the usability
-	// of meta server so we're treading a bit of a fine line here.
-
-	if (chat_message.playern >= 0) {
-		return richtext_escape(chat_message.msg);
-	}
-
-	std::string sanitized;
-	for (std::string::size_type pos = 0; pos < chat_message.msg.size(); ++pos) {
-		if (chat_message.msg[pos] == '<') {
-			static const std::string good1 = "</p><p";
-			static const std::string good2 = "<br>";
-			if (!chat_message.msg.compare(pos, good1.size(), good1)) {
-				// TODO(MiroslavR): The logic here seems flawed.
-				std::string::size_type nextclose = chat_message.msg.find('>', pos + good1.size());
-				if (nextclose != std::string::npos &&
-				    (nextclose == pos + good1.size() || chat_message.msg[pos + good1.size()] == ' ')) {
-					sanitized += good1;
-					pos += good1.size() - 1;
-					continue;
-				}
-			} else if (!chat_message.msg.compare(pos, good2.size(), good2)) {
-				sanitized += good2;
-				pos += good2.size() - 1;
-				continue;
-			}
-
-			sanitized += "&lt;";
-		} else {
-			sanitized += chat_message.msg[pos];
-		}
-	}
-	return sanitized;
-}
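Review bot: The deleted comment block recorded the threat model for chat text (an honest host whose clients must not use richtext, and a malicious host or metaserver probing the richtext renderer), and nothing in the patch replaces it; keep a shortened version next to the richtext_escape call in format_as_richtext so the reason for escaping everything stays documented. It should also say that the earlier goal of letting the host and metaserver send some richtext is dropped on purpose, since the removed code and its TODO(MiroslavR) about the `</p><p` check are the only record of that trade-off.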

=== modified file 'src/wui/chat_msg_layout.h'
--- src/wui/chat_msg_layout.h	2018-04-07 16:59:00 +0000
+++ src/wui/chat_msg_layout.h	2018-08-20 19:15:14 +0000
@@ -25,6 +25,4 @@
 // Formats 'chat_message' as richtext.
 std::string format_as_richtext(const ChatMessage& chat_message);
 
-std::string sanitize_message(const ChatMessage& chat_message);
-
 #endif  // end of include guard: WL_WUI_CHAT_MSG_LAYOUT_H
