
Incoming payload passed unfiltered

Open pljones opened this issue 6 years ago • 0 comments

Hi,

I have been seeing rare issues with the autosong.ninjam.com serverlist.php script that appear to be because it can't handle unexpected newlines in topics -- maybe other special characters, too. It might be that the serverlist.php script should be fixed but another way would be here: https://github.com/justinfrankel/ninjam/blob/2a2008f25fbf64c3cc89d52081517b9d757334a9/ninjam/server/usercon.cpp#L1136 Filtering incoming chat messages to "suspicious" characters (i.e. under char(32)) to space might be okay.

By the way, is the serverlist.php source around anywhere?

Thanks,

-- Peter

pljones avatar Dec 29 '18 10:12 pljones
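The filtering suggested in this issue, as an added example that is not NINJAM code or part of the original post. The names `sanitize_chat_field`, `make_record` and `count_lines`, and the one-line-per-server record layout, are assumptions made for illustration; the real serverlist.php format is not shown on this page.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Return a copy of `in` with every byte below 0x20 (NUL, CR, LF, TAB, ESC, ...)
// replaced by a space. The cast to unsigned char matters: where plain char is
// signed, UTF-8 bytes (0x80-0xFF) are negative, and a naive `c < 32` test
// would blank out non-ASCII topic text as well.
std::string sanitize_chat_field(const std::string &in)
{
    std::string out(in);
    for (std::size_t i = 0; i < out.size(); ++i) {
        if (static_cast<unsigned char>(out[i]) < 32) out[i] = ' ';
    }
    return out;
}

// Hypothetical line-oriented record (assumed layout, not the real format):
// one server per line, so a raw newline in the topic splits the record.
std::string make_record(const std::string &host, const std::string &topic)
{
    return "SERVER " + host + " \"" + topic + "\"\n";
}

// Number of newline-terminated lines a consumer of the list would see.
std::size_t count_lines(const std::string &s)
{
    std::size_t n = 0;
    for (std::size_t i = 0; i < s.size(); ++i) {
        if (s[i] == '\n') ++n;
    }
    return n;
}

int main()
{
    // Constructed sample topic containing an embedded newline.
    const std::string topic = "jam\ntonight";
    std::cout << "unfiltered lines: "
              << count_lines(make_record("host.example:2049", topic)) << "\n";
    std::cout << "filtered lines:   "
              << count_lines(make_record("host.example:2049",
                                         sanitize_chat_field(topic))) << "\n";
    return 0;
}
```

Filtering where the message enters the server protects every downstream consumer of the topic, while a fix in the list script alone covers only that one consumer.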