From bd87bd76a5a2dad04a829da2ab4f05d6fc8b746e Mon Sep 17 00:00:00 2001 From: sk89q Date: Tue, 16 Nov 2010 22:29:13 -0800 Subject: [PATCH] Added filename allowable characters filter to //load and //save (about time!). --- src/WorldEditListener.java | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/WorldEditListener.java b/src/WorldEditListener.java index 0c62e68a2..d15e5627e 100644 --- a/src/WorldEditListener.java +++ b/src/WorldEditListener.java @@ -807,6 +807,12 @@ public class WorldEditListener extends PluginListener { File dir = new File("schematics"); File f = new File("schematics", filename); + if (!filename.matches("^[A-Za-z0-9_\\- \\./\\\\'\\$@~!%\\^\\*\\(\\)\\[\\]\\+\\{\\},\\?]+$")) { + player.printError("Valid characters: A-Z, a-z, 0-9, spaces, " + + "./\'$@~!%^*()[]+{},?"); + return true; + } + try { String filePath = f.getCanonicalPath(); String dirPath = dir.getCanonicalPath(); @@ -830,6 +836,13 @@ public class WorldEditListener extends PluginListener { } else if (split[0].equalsIgnoreCase("//save")) { checkArgs(split, 1, 1, split[0]); String filename = split[1].replace("\0", "") + ".schematic"; + + if (!filename.matches("^[A-Za-z0-9_\\- \\./\\\\'\\$@~!%\\^\\*\\(\\)\\[\\]\\+\\{\\},\\?]+$")) { + player.printError("Valid characters: A-Z, a-z, 0-9, spaces, " + + "./\'$@~!%^*()[]+{},?"); + return true; + } + File dir = new File("schematics"); File f = new File("schematics", filename);