SkyratBot a297c06a0c [MIRROR] Fixed a vulnerability introduced by the Request Music PR [MDB IGNORE] (#21462) ...

* Fixed a vulnerability introduced by the Request Music PR (#75691)

Admins can proccall the web_sound proc, completely bypassing the
shell_url_scrub done in other procs. Additionally, admins could just
directly modify the request URL stored in the request manager so that
it, again, bypasses the shell_url_scrub.

This PR just moves the shell scrubbing directly inside the proc, right
before the world.shelleo call, so that admins can't get around it with a
proccall.

* Fixed a vulnerability introduced by the Request Music PR

---------

Co-authored-by: Watermelon914 <37270891+Watermelon914@users.noreply.github.com>

2023-05-27 17:37:55 +00:00

..

lua

[MIRROR] Auxtools is now a config opt-in [MDB IGNORE] (#20361)

2023-04-06 02:08:19 +01:00

SDQL2

MISSED MIRROR [Lints Against Unmanaged Local Defines] (#20204)

2023-04-01 01:15:22 +01:00

admin_newscaster.dm

[MIRROR] Curators now have D-notice newscaster access, Officers can issue warrants [MDB IGNORE] (#20137)

2023-03-29 22:29:59 +01:00

admin.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

adminevents.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

adminfun.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

admingame.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

adminhelp.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

adminjump.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

adminpm.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

adminsay.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

ai_triumvirate.dm

515 Compat (#17465)

2022-11-15 06:59:06 +00:00

anonymousnames.dm

[MIRROR] More horrible 515 proc compatibility. [MDB IGNORE] (#17671)

2022-11-27 14:46:36 -08:00

atmosdebug.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

beakerpanel.dm

…

borgpanel.dm

…

cinematic.dm

515 Compat (#17465)

2022-11-15 06:59:06 +00:00

color_blind_test.dm

…

commandreport.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

config_helpers.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

deadsay.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

debug.dm

[MIRROR] Refactored the TTS subsystem to more properly handle message garbling. Added a volume preference for TTS. [MDB IGNORE] (#21353)

2023-05-22 14:06:38 -04:00

diagnostics.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

ert.dm

[MIRROR] Adds the ability for ERTs to use a custom shuttle [MDB IGNORE] (#17663)

2022-11-22 08:19:39 -08:00

fix_air.dm

…

fov.dm

…

fps.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

getlogs.dm

…

ghost_pool_protection.dm

…

hiddenprints.dm

[MIRROR] Fixup list helpers, remove listoflist footgun from generic list procs, remove duplicated procs. [MDB IGNORE] (#17749)

2022-11-25 15:01:04 +00:00

highlander_datum.dm

Fix SHOULD_NOT_SLEEP hit in highlander init (#75233) (#21204)

2023-05-15 18:49:57 -07:00

individual_logging.dm

515 Compat (#17465)

2022-11-15 06:59:06 +00:00

lawpanel.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

list_exposer.dm

[MIRROR] Refactors crew records (#72725) + Medical/Security records now use the max/min age. [MDB IGNORE] (#19078)

2023-02-28 14:14:24 -05:00

machine_upgrade.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

manipulate_organs.dm

[MIRROR] Replaces internal_organs with organs [MDB IGNORE] (#19871)

2023-03-24 13:27:48 -04:00

map_template_loadverb.dm

…

mapping.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

maprotation.dm

[MIRROR] Adding the ability to load the configuration of custom maps. [MDB IGNORE] (#17565)

2022-11-18 13:19:03 -05:00

panicbunker.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

plane_debugger.dm

515 Compat (#17465)

2022-11-15 06:59:06 +00:00

playsound.dm

[MIRROR] Fixed a vulnerability introduced by the Request Music PR [MDB IGNORE] (#21462)

2023-05-27 17:37:55 +00:00

possess.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

pray.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

reestablish_db_connection.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

request_internet_sound.dm

[MIRROR] Fixed a vulnerability introduced by the Request Music PR [MDB IGNORE] (#21462)

2023-05-27 17:37:55 +00:00

requests.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

secrets.dm

[MIRROR] World Initialization Refactor [MDB IGNORE] (#20755)

2023-04-26 22:46:55 +01:00

selectequipment.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

server.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00

shuttlepanel.dm

…

spawnobjasmob.dm

[MIRROR] Corrects record_feedback()'s copy/paste comment [MDB IGNORE] (#20777)

2023-04-25 22:38:37 -07:00