Browse Source

badkeys sanitize

psy 2 years ago
parent
commit
e8ad8e17df
1 changed files with 5 additions and 1 deletions
  1. 5 1
      core/webgui.py

+ 5 - 1
core/webgui.py

@@ -46,6 +46,7 @@ links_msg_sep = "#L#" # links stream separator
 streams_msg_sep = "#S#" # streams stream separator
 games_msg_sep = "#G#" # games stream separator
 globalnet_msg_sep = "#$#" # globalnet stream separator
+badkeys = [";", "/"] # some bad keys
 
 host = "0.0.0.0"
 port = 9999
@@ -3912,8 +3913,11 @@ function runCommandX(cmd,params) {
                     if len(f) == 2:
                         var = f[0]
                         value = f[1]
-                        value = value.replace("+", " ")
+                        value = value.replace("+", " ") # quoted space
                         value = urllib.parse.unquote(value)
+                        for key in badkeys: # sanitize user-input badkeys
+                            if key in value:
+                                value = value.replace(key, " ")
                         params[var] = value
         return params