[Xpilot-hacks] rank1 and 4.5.4X2 ranking page issues
Kristian Söderblom
ksoderbl at niksula.hut.fi
Sun Feb 1 16:44:22 AST 2004
Hi.

Darel Cullen (Col. Blood) found today an issue with the
html ranking pages generated by 4.5.4X2. The server would allow nicks
which contain '<' and '>' chars and these could be used to create html
tags in the ranking page.

The 4.5.4X2 rank.c code is based on Adamel's rank1 patch:
http://www.stacken.kth.se/~mackan/xpilot/files/rank1-4.5.4.diff, which has
the same problem.

I've fixed this in xpilot.sf.net CVS. This tarball contains a
current CVS snapshot with the fix applied:
http://www.hut.fi/~ksoderbl/xpilot/tmp.tar.gz

The fix is of course not to allow '<' and '>' in nicks and
usernames. Currently the characters in this C language string are
allowed:

" !#%&'()-.0123456789=@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz"

--
kps

PS. Current CVS (and the tmp.tar.gz tarball) also contain a
version of the tag/'it' code, where some new player gets to be 'it' if the
current 'it' player pauses.
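
An added example, not part of the original message and not XPilot's rank.c: an allowlist check using the character string quoted above, together with HTML escaping at the point where a name is written into a page. The escaping step goes beyond the fix described in the message; it is shown because the allowed set still contains '&' and '\''. The function names `name_is_allowed` and `html_escape` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Allowed characters, copied from the string quoted in the message. */
static const char ALLOWED[] =
    " !#%&'()-.0123456789=@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz";

/* Returns 1 if every character of name is in ALLOWED, 0 otherwise. */
int name_is_allowed(const char *name)
{
    return name[strspn(name, ALLOWED)] == '\0';
}

/* Writes an HTML-escaped copy of in to out (capacity outlen bytes).
 * Returns 0 on success, -1 if out is too small (out is then empty). */
int html_escape(const char *in, char *out, size_t outlen)
{
    size_t used = 0;
    if (outlen == 0) return -1;
    for (; *in; in++) {
        const char *rep;
        char one[2] = { *in, '\0' };
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t n = strlen(rep);
        if (used + n >= outlen) { out[0] = '\0'; return -1; }
        memcpy(out + used, rep, n);
        used += n;
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample names, not taken from any server. */
    const char *samples[] = { "Col. Blood", "<b>kps</b>", "R&D" };
    char buf[64];
    for (size_t i = 0; i < 3; i++) {
        html_escape(samples[i], buf, sizeof buf);
        printf("allowed=%d escaped=%s\n", name_is_allowed(samples[i]), buf);
    }
    return 0;
}
```

Rejecting the name at login keeps markup out of the stored data; escaping on output keeps the page well-formed for characters such as '&' that the allowlist permits.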