From b900e8e57ce8be0dfef6c4e79601a071b0932a46 Mon Sep 17 00:00:00 2001
From: ludwig <ludwig@edf5b092-35ff-0310-97b2-ce42778d08ea>
Date: Sat, 17 Jan 2009 23:09:58 +0000
Subject: security fix: prevent command injection via callvote

git-svn-id: svn://svn.icculus.org/quake3/trunk@1493 edf5b092-35ff-0310-97b2-ce42778d08ea
---
 code/server/sv_client.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'code/server')

diff --git a/code/server/sv_client.c b/code/server/sv_client.c
index 5554ebf..01f4d8b 100644
--- a/code/server/sv_client.c
+++ b/code/server/sv_client.c
@@ -1500,6 +1500,7 @@ void SV_ExecuteClientCommand( client_t *cl, const char *s, qboolean clientOK ) {
 	if (clientOK) {
 		// pass unknown strings to the game
 		if (!u->name && sv.state == SS_GAME) {
+			Cmd_Args_Sanitize();
 			VM_Call( gvm, GAME_CLIENT_COMMAND, cl - svs.clients );
 		}
 	}
-- 
cgit v1.2.3