Commit

adminvote.sma exploit fix (#823)
* Restrict having ".." character sequence in amx_votemap command arguments

Fixes exploit on Windows servers that allows executing potentially dangerous console commands

* Fix typo

containi -> contain
etojuice committed May 28, 2020
1 parent 307e714 commit a5f2b55
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion plugins/adminvote.sma
Expand Up @@ -238,7 +238,10 @@ public cmdVoteMap(id, level, cid)
for (new i = 1; i < argc; ++i)
{
read_argv(i, g_optionName[g_validMaps], 31)


if (contain(g_optionName[g_validMaps], "..") != -1)
continue

if (is_map_valid(g_optionName[g_validMaps]))
g_validMaps++
}
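
Review bot: The new `contain(g_optionName[g_validMaps], "..") != -1` check in the argument loop of cmdVoteMap skips a matching argument with a bare `continue`, so the rejection is silent: the calling admin gets no feedback and nothing is logged. Since the commit message describes this as an exploit fix, log the rejected argument together with `id` so operators can see attempts. The check also rejects exactly one character sequence and carries no comment saying why; add a one-line comment stating the reason given in the commit message, and consider whether accepting only the characters that valid map names use, before calling is_map_valid, would hold up better than matching "..". Whether other characters need rejecting cannot be determined from the lines shown here.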

0 comments on commit a5f2b55