Merge pull request #289 from end360/master

Fix exploit.
adamdburton · Sep 28, 2018 · 3c4b105 · 3c4b105
2 parents 74fa43a + fbed370
commit 3c4b105
Show file tree

Hide file tree

Showing 10 changed files with 94 additions and 33 deletions.
diff --git a/lua/pointshop/items/headshatsmasks/texthat.lua b/lua/pointshop/items/headshatsmasks/texthat.lua
@@ -6,31 +6,39 @@ ITEM.NoPreview = true
 local MaxTextLength = 32
 
 function ITEM:PostPlayerDraw(ply, modifications, ply2)
-	if not ply == ply2 then return end
-	if not ply:Alive() then return end
-	if ply.IsSpec and ply:IsSpec() then return end
-	
-	local offset = Vector(0, 0, 79)
-	local ang = LocalPlayer():EyeAngles()
-	local pos = ply:GetPos() + offset + ang:Up()
-	
-	ang:RotateAroundAxis(ang:Forward(), 90)
-	ang:RotateAroundAxis(ang:Right(), 90)
-	
-	cam.Start3D2D(pos, Angle(0, ang.y, 90), 0.1)
-		draw.DrawText(string.sub(modifications.text or ply:Nick(), 1, MaxTextLength), "PS_Heading", 2, 2, modifications.color or Color(255, 255, 255, 255), TEXT_ALIGN_CENTER)
-	cam.End3D2D()
+    if not ply == ply2 then return end
+    if not ply:Alive() then return end
+    if ply.IsSpec and ply:IsSpec() then return end
+    
+    local offset = Vector(0, 0, 79)
+    local ang = LocalPlayer():EyeAngles()
+    local pos = ply:GetPos() + offset + ang:Up()
+    
+    ang:RotateAroundAxis(ang:Forward(), 90)
+    ang:RotateAroundAxis(ang:Right(), 90)
+    
+    cam.Start3D2D(pos, Angle(0, ang.y, 90), 0.1)
+        draw.DrawText(string.sub(modifications.text or ply:Nick(), 1, MaxTextLength), "PS_Heading", 2, 2, modifications.color or Color(255, 255, 255, 255), TEXT_ALIGN_CENTER)
+    cam.End3D2D()
 end
 
 function ITEM:Modify(modifications)
-	Derma_StringRequest("Text", "What text do you want your hat to say?", "", function(text)
-		
-		if string.find(text, "#") then
-			text = string.gsub(text, "#", "")
-		end
-		
-		modifications.text = string.sub(text, 1, MaxTextLength)
-		PS:ShowColorChooser(self, modifications)
-	end)
+    Derma_StringRequest("Text", "What text do you want your hat to say?", "", function(text)
+        
+        if string.find(text, "#") then
+            text = string.gsub(text, "#", "")
+        end
+        
+        modifications.text = string.sub(text, 1, MaxTextLength)
+        PS:ShowColorChooser(self, modifications)
+    end)
 end
 
+
+-- Since this item has modifications we return a table of only what should be allowed for security reasons
+function ITEM:SanitizeTable( modifications )
+    local tab = {}
+    tab.text  = modifications.text and string.sub(modifications.text, 1, MaxTextLength) or nil
+    tab.color = modifications.color and Color(modifications.color.r or 255, modifications.color.g or 255, modifications.color.b or 255, 255) or Color(255,255,255)
+    return tab
+end
diff --git a/lua/pointshop/items/trails/electric.lua b/lua/pointshop/items/trails/electric.lua
@@ -17,4 +17,9 @@ end
 function ITEM:OnModify(ply, modifications)
 	SafeRemoveEntity(ply.ElectricTrail)
 	self:OnEquip(ply, modifications)
-end
+end
+
+-- Since trails allow players to change the color we limit the table to only color for security reasons
+function ITEM:SanitizeTable( modifications )
+    return {color=modifications.color and Color(modifications.color.r or 255, modifications.color.g or 255, modifications.color.b or 255) or nil}
+end
diff --git a/lua/pointshop/items/trails/laser.lua b/lua/pointshop/items/trails/laser.lua
@@ -18,3 +18,8 @@ function ITEM:OnModify(ply, modifications)
 	SafeRemoveEntity(ply.LaserTrail)
 	self:OnEquip(ply, modifications)
 end
+
+-- Since trails allow players to change the color we limit the table to only color for security reasons
+function ITEM:SanitizeTable( modifications )
+    return {color=modifications.color and Color(modifications.color.r or 255, modifications.color.g or 255, modifications.color.b or 255) or nil}
+end
diff --git a/lua/pointshop/items/trails/loltrail.lua b/lua/pointshop/items/trails/loltrail.lua
@@ -18,3 +18,9 @@ function ITEM:OnModify(ply, modifications)
 	SafeRemoveEntity(ply.LolTrail)
 	self:OnEquip(ply, modifications)
 end
+
+-- Since trails allow players to change the color we limit the table to only color for security reasons
+function ITEM:SanitizeTable( modifications )
+    return {color=modifications.color and Color(modifications.color.r or 255, modifications.color.g or 255, modifications.color.b or 255) or nil}
+end
+
diff --git a/lua/pointshop/items/trails/lovetrail.lua b/lua/pointshop/items/trails/lovetrail.lua
@@ -18,3 +18,9 @@ function ITEM:OnModify(ply, modifications)
 	SafeRemoveEntity(ply.LoveTrail)
 	self:OnEquip(ply, modifications)
 end
+
+-- Since trails allow players to change the color we limit the table to only color for security reasons
+function ITEM:SanitizeTable( modifications )
+    return {color=modifications.color and Color(modifications.color.r or 255, modifications.color.g or 255, modifications.color.b or 255) or nil}
+end
+
diff --git a/lua/pointshop/items/trails/plasmatrail.lua b/lua/pointshop/items/trails/plasmatrail.lua
@@ -18,3 +18,8 @@ function ITEM:OnModify(ply, modifications)
 	SafeRemoveEntity(ply.PlasmaTrail)
 	self:OnEquip(ply, modifications)
 end
+
+-- Since trails allow players to change the color we limit the table to only color for security reasons
+function ITEM:SanitizeTable( modifications )
+    return {color=modifications.color and Color(modifications.color.r or 255, modifications.color.g or 255, modifications.color.b or 255) or nil}
+end
diff --git a/lua/pointshop/items/trails/smoke.lua b/lua/pointshop/items/trails/smoke.lua
@@ -18,3 +18,8 @@ function ITEM:OnModify(ply, modifications)
 	SafeRemoveEntity(ply.SmokeTrail)
 	self:OnEquip(ply, modifications)
 end
+
+-- Since trails allow players to change the color we limit the table to only color for security reasons
+function ITEM:SanitizeTable( modifications )
+	return {color=modifications.color and Color(modifications.color.r or 255, modifications.color.g or 255, modifications.color.b or 255) or nil}
+end
diff --git a/lua/pointshop/items/trails/tube.lua b/lua/pointshop/items/trails/tube.lua
@@ -18,3 +18,8 @@ function ITEM:OnModify(ply, modifications)
 	SafeRemoveEntity(ply.TubeTrail)
 	self:OnEquip(ply, modifications)
 end
+
+-- Since trails allow players to change the color we limit the table to only color for security reasons
+function ITEM:SanitizeTable( modifications )
+    return {color=modifications.color and Color(modifications.color.r or 255, modifications.color.g or 255, modifications.color.b or 255) or nil}
+end
diff --git a/lua/pointshop/sh_init.lua b/lua/pointshop/sh_init.lua
@@ -59,7 +59,8 @@ end
 
 function PS:LoadItems()	
 	local _, dirs = file.Find('pointshop/items/*', 'LUA')
-
+	local emptyfunc = function() end
+
 	for _, category in pairs(dirs) do
 		local f, _ = file.Find('pointshop/items/' .. category .. '/__category.lua', 'LUA')
 
@@ -72,7 +73,7 @@ function PS:LoadItems()
 			CATEGORY.AllowedEquipped = -1
 			CATEGORY.AllowedUserGroups = {}
 			CATEGORY.CanPlayerSee = function() return true end
-			CATEGORY.ModifyTab = function(tab) return end
+			CATEGORY.ModifyTab = emptyfunc
 
 			if SERVER then AddCSLuaFile('pointshop/items/' .. category .. '/__category.lua') end
 			include('pointshop/items/' .. category .. '/__category.lua')
@@ -107,11 +108,11 @@ function PS:LoadItems()
 					ITEM.CanPlayerEquip = true
 					ITEM.CanPlayerHolster = true
 
-					ITEM.OnBuy = function() end
-					ITEM.OnSell = function() end
-					ITEM.OnEquip = function() end
-					ITEM.OnHolster = function() end
-					ITEM.OnModify = function() end
+					ITEM.OnBuy = emptyfunc
+					ITEM.OnSell = emptyfunc
+					ITEM.OnEquip = emptyfunc
+					ITEM.OnHolster = emptyfunc
+					ITEM.OnModify = emptyfunc
 					ITEM.ModifyClientsideModel = function(ITEM, ply, model, pos, ang)
 						return model, pos, ang
 					end

diff --git a/lua/pointshop/sv_player_extension.lua b/lua/pointshop/sv_player_extension.lua
@@ -429,16 +429,31 @@ function Player:PS_HolsterItem(item_id)
 	self:PS_SendItems()
 end
 
--- modify items
+
+local function Sanitize( modifications ) -- used as a default if an item is missing the SanitizeTable function. Catches colors/text
+	local out = {}
+	if isstring(modifications.text) then out.text = modifications.text end
+	if modifications.color then
+		out.color = Color(modifications.color.r or 255, modifications.color.g or 255, modifications.color.b or 255)
+	end
+	return out
+end
 
 function Player:PS_ModifyItem(item_id, modifications)
 	if not PS.Items[item_id] then return false end
 	if not self:PS_HasItem(item_id) then return false end
 	if not type(modifications) == "table" then return false end
 	if not self:PS_CanPerformAction(item_id) then return false end
-
+	
 	local ITEM = PS.Items[item_id]
 
+	-- This if block helps prevent someone from sending a table full of random junk that will fill up the server's RAM, be networked to every player, and be stored in the database
+	if ITEM.SanitizeTable then 
+		modifications = ITEM:SanitizeTable(modifications)
+	else
+		modifications = Sanitize(modifications)
+	end
+
 	for key, value in pairs(modifications) do
 		self.PS_Items[item_id].Modifiers[key] = value
 	end