diff options
| author | ludwig <ludwig@edf5b092-35ff-0310-97b2-ce42778d08ea> | 2009-01-17 23:09:58 +0000 |
|---|---|---|
| committer | ludwig <ludwig@edf5b092-35ff-0310-97b2-ce42778d08ea> | 2009-01-17 23:09:58 +0000 |
| commit | b900e8e57ce8be0dfef6c4e79601a071b0932a46 (patch) | |
| tree | 4899d0cb166c492eba38d3ca1e1a293d1955bcfe /code/server | |
| parent | f95b5a79bdcbe7820b308b5f000809701ac20013 (diff) | |
| download | ioquake3-aero-b900e8e57ce8be0dfef6c4e79601a071b0932a46.tar.gz ioquake3-aero-b900e8e57ce8be0dfef6c4e79601a071b0932a46.zip | |
security fix: prevent command injection via callvote
git-svn-id: svn://svn.icculus.org/quake3/trunk@1493 edf5b092-35ff-0310-97b2-ce42778d08ea
Diffstat (limited to 'code/server')
| -rw-r--r-- | code/server/sv_client.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/code/server/sv_client.c b/code/server/sv_client.c index 5554ebf..01f4d8b 100644 --- a/code/server/sv_client.c +++ b/code/server/sv_client.c @@ -1500,6 +1500,7 @@ void SV_ExecuteClientCommand( client_t *cl, const char *s, qboolean clientOK ) { if (clientOK) { // pass unknown strings to the game if (!u->name && sv.state == SS_GAME) { + Cmd_Args_Sanitize(); VM_Call( gvm, GAME_CLIENT_COMMAND, cl - svs.clients ); } } |