oss/luanti
oss/luanti
1
0
Fork 0
mirror of https://github.com/luanti-org/luanti.git synced 2025-07-02 16:38:41 +00:00
Code Wiki Activity

Sanitize formspec fields server-side (#14878)

Browse source
This commit is contained in:
sfan5 2024-08-21 21:34:46 +02:00 committed by GitHub
parent ab7af5d15a
commit c6ef5ab259
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 99 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/util/string.h
View file

@ -761,6 +761,16 @@ inline irr::core::stringw utf8_to_stringw(std::string_view input)
*/
std::string sanitizeDirName(std::string_view str, std::string_view optional_prefix);
/**
* Sanitize an untrusted string (e.g. from the network). This will get strip
* control characters and (optionally) any MT-style escape sequences too.
* Note that they won't be removed cleanly but rather just broken, unlike with
* unescape_enriched.
* Line breaks and UTF-8 is permitted.
*/
[[nodiscard]]
std::string sanitize_untrusted(std::string_view str, bool keep_escapes = true);
/**
* Prints a sanitized version of a string without control characters.
* '\t' and '\n' are allowed, as are UTF-8 control characters (e.g. RTL).