Introduce additional lobby guards (#5862)
Garanas committed Jan 29, 2024
1 parent 8dde434 commit 5ccc554
Showing 1 changed file with 54 additions and 4 deletions.
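--- a/lua/ui/lobby/lobby.lua
+++ b/lua/ui/lobby/lobby.lua
@@ -5210,11 +5210,61 @@ local MessageHandlers = {
 },
 
 AddPlayer = {
+
+---@class LobbyAddPlayerData
+---@field PlayerOptions PlayerData
+---@field SenderId number
+---@field SenderName string
+---@field Type string
+
+---@param data LobbyAddPlayerData
 Accept = function(data)
-return data.PlayerOptions.OwnerID and
-data.PlayerOptions.OwnerID == data.SenderID and
-not FindNameForID(data.SenderID) and
-lobbyComm:IsHost()
+-- we need to do quite a bit of checks to prevent malicious values
+if type(data.PlayerOptions.MEAN) != 'number' then
+return false
+end
+
+if type (data.PlayerOptions.NG) != 'number' then
+return false
+end
+
+if type(data.PlayerOptions.Faction) != 'number' then
+return false
+end
+
+if type(data.PlayerOptions.PlayerName) != 'string' then
+return false
+end
+
+local charactersInPlayerName = string.len(data.PlayerOptions.PlayerName)
+if charactersInPlayerName < 3 or charactersInPlayerName > 32 then
+return false
+end
+
+if data.PlayerOptions.PlayerClan then
+if type(data.PlayerOptions.PlayerClan) != 'string' then
+return false
+end
+
+if string.len(data.PlayerOptions.PlayerClan) > 3 then
+return false
+end
+end
+
+
+if not data.PlayerOptions.OwnerID then
+return false
+end
+
+if not (data.PlayerOptions.OwnerID == data.SenderID) then
+return false
+end
+
+if FindNameForID(data.SenderID) then
+return false
+end
+
+return lobbyComm:IsHost()
 end,
 Reject = function(data)
 lobbyComm:EjectPeer(data.SenderID, "Invalid player data.")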
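Review bot: The new guards in `Accept` index `data.PlayerOptions` (starting at `type(data.PlayerOptions.MEAN)`) without first confirming it is a table, so a peer that omits it or sends a non-table value makes the check raise an error instead of returning false; whether the dispatcher still reaches `Reject` in that case is not visible here. I would open the function with `if type(data.PlayerOptions) != 'table' then return false end`. `Faction` is only checked to be a number, so an out-of-range or fractional value still passes and is left for later code to cope with; a bounds check against the known faction list would close that. The annotation declares `---@field SenderId number` while the code reads `data.SenderID`, so the field should be spelled `SenderID`. The `Reject` body and the surrounding `MessageHandlers` table continue outside the hunk.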