diff --git a/code/__HELPERS/text.dm b/code/__HELPERS/text.dm
index f9bae78c35b..a891ad36a43 100644
--- a/code/__HELPERS/text.dm
+++ b/code/__HELPERS/text.dm
@@ -59,6 +59,10 @@
 /proc/sanitize(var/t,var/list/repl_chars = null)
 return html_encode(sanitize_simple(t,repl_chars))
+/proc/paranoid_sanitize(t)
+ var/regex/alphanum_only = regex("\[^a-zA-Z0-9#]", "g")
+ return alphanum_only.Replace(t, "#")
+
 //Runs sanitize and strip_html_simple
 //I believe strip_html_simple() is required to run first to prevent '<' from displaying as '<' after sanitize() calls byond's html_encode()
 /proc/strip_html(var/t,var/limit=MAX_MESSAGE_LEN)
@@ -542,4 +546,3 @@ proc/checkhtml(var/t)
 text = replacetext(text, "", "\[cell\]")
 text = replacetext(text, "", "\[logo\]")
 return text
-
diff --git a/code/_globalvars/configuration.dm b/code/_globalvars/configuration.dm
index 2d9b9761523..88d4594e740 100644
--- a/code/_globalvars/configuration.dm
+++ b/code/_globalvars/configuration.dm
@@ -23,6 +23,9 @@ var/mouse_respawn_time = 5 //Amount of time that must pass between a player dyin
 // It's defined here as a global because this is a hilariously bad thing to have on the easily-edited config datum
 var/global/shutdown_shell_command
+// Also global to prevent easy edits
+var/global/python_path = "" //Path to the python executable. Defaults to "python" on windows and "/usr/bin/env python2" on unix
+
 // Debug is used exactly once (in living.dm) but is commented out in a lot of places. It is not set anywhere and only checked.
 // Debug2 is used in conjunction with a lot of admin verbs and therefore is actually legit.
 var/Debug = 0 // global debug switch
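Review bot: `paranoid_sanitize` in code/__HELPERS/text.dm has no comment stating its contract, and the neighbouring `sanitize`/`strip_html` procs do HTML encoding instead, so a caller could easily pick the wrong one. I would add above it `//Replaces every character outside a-z, A-Z, 0-9 and # with #; meant for text interpolated into a shell() command line, not for display`. Because spaces are replaced as well, the text reaches the script as a single `#`-joined token, which is worth stating so that nobody later relaxes the character class without also quoting the argument. The regex is also rebuilt on every call; `var/static/regex/alphanum_only = ...` would build it once, provided the project's BYOND version supports static proc vars.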
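Review bot: The comment on the new `var/global/python_path` in code/_globalvars/configuration.dm says the Windows default is "python", but the loader in code/controllers/configuration.dm assigns `"pythonw"`; the comment should read `Defaults to "pythonw" on windows`. The defaults are assigned inside the `if("python_path")` case, so it looks as if the variable stays `""` when the config file has no `python_path` key at all; the rest of the loader is outside the hunk, so this needs confirming. If so, the command string built in ext_python would start with a bare space followed by the script name. Initialising the global to the platform default, or having ext_python return early when `python_path` is empty, would close that gap.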
@@ -44,4 +47,4 @@ var/blobevent = 0
 //Medals hub related variables
 var/global/medal_hub = null
 var/global/medal_pass = " "
-var/global/medals_enabled = TRUE //will be auto set to false if the game fails contacting the medal hub to prevent unneeded calls.
\ No newline at end of file
+var/global/medals_enabled = TRUE //will be auto set to false if the game fails contacting the medal hub to prevent unneeded calls.
diff --git a/code/controllers/configuration.dm b/code/controllers/configuration.dm
index ff313e62fb3..0cc5a500d16 100644
--- a/code/controllers/configuration.dm
+++ b/code/controllers/configuration.dm
@@ -142,7 +142,6 @@
 var/admin_irc = ""
 var/admin_notify_irc = ""
 var/cidrandomizer_irc = ""
- var/python_path = "" //Path to the python executable. Defaults to "python" on windows and "/usr/bin/env python2" on unix
 var/default_laws = 0 //Controls what laws the AI spawns with.
@@ -494,12 +493,12 @@
 if("python_path")
 if(value)
- config.python_path = value
+ python_path = value
 else
 if(world.system_type == UNIX)
- config.python_path = "/usr/bin/env python2"
+ python_path = "/usr/bin/env python2"
 else //probably windows, if not this should work anyway
- config.python_path = "pythonw"
+ python_path = "pythonw"
 if("assistant_limit")
 config.assistantlimit = 1
diff --git a/code/modules/ext_scripts/irc.dm b/code/modules/ext_scripts/irc.dm
index 05ac226d7e7..c0a25979df2 100644
--- a/code/modules/ext_scripts/irc.dm
+++ b/code/modules/ext_scripts/irc.dm
@@ -2,7 +2,8 @@
 if(config.use_irc_bot && config.irc_bot_host.len)
 for(var/IP in config.irc_bot_host)
 spawn(0)
- ext_python("ircbot_message.py", "[config.comms_password] [IP] [channel] [msg]")
+ // I have no means of trusting you, cmd
+ ext_python("ircbot_message.py", "[config.comms_password] [IP] [channel] [paranoid_sanitize(msg)]")
 return
 /proc/send2mainirc(var/msg)
diff --git a/code/modules/ext_scripts/python.dm b/code/modules/ext_scripts/python.dm
index b10fc691309..6781af866e3 100644
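Review bot: Only `msg` goes through `paranoid_sanitize` in the new `ext_python("ircbot_message.py", ...)` call in code/modules/ext_scripts/irc.dm; `[channel]` and `[IP]` are still interpolated raw into the same string, which ext_python in code/modules/ext_scripts/python.dm concatenates and hands to `shell()`. If `channel` can ever carry text that is not fixed server configuration, it needs the same treatment, e.g. `[paranoid_sanitize(channel)]`; the proc signature and its callers are outside the hunk, so this needs checking. The comment `// I have no means of trusting you, cmd` does not say what is being protected; `// msg can contain player text and ends up on a shell command line, so keep only a-z, A-Z, 0-9 and #` would tell the next maintainer why the wrapper must stay. Separately, `config.comms_password` travels as a command-line argument, where it is typically visible to other local users in the process list; having the script read it from a file would avoid that.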
--- a/code/modules/ext_scripts/python.dm
+++ b/code/modules/ext_scripts/python.dm
@@ -4,6 +4,6 @@
 if(world.system_type == MS_WINDOWS)
 script = replacetext(script, "/", "\\")
- var/command = config.python_path + " " + script + " " + args
+ var/command = python_path + " " + script + " " + args
 shell("[command]")
- return
\ No newline at end of file
+ return