{force} allows escape character in input

Question

{force} allows escape character in input

Loonesbury opened this issue 2 years ago · 2 comments

When a player is forced by MPI, the command string isn't sanitized compared to normal client input, so you can get \27's into logfiles and the database. This might not necessarily cause problems, but I'm not sure if it's intended behavior.

To reproduce:

@mpi {force:me,@desc me=\[[1;33mhello world}

Answer 1 · 2022-12-17T23:07:02.000Z

While it isn't intended behavior, I'm also not sure it matters enough to fix? If it's easy to fix, let's do it, i.e. if we can use some existing sanitization routine. I believe there is such a routine but my memory is a little rusty there.

Answer 2 · 2022-12-17T23:08:30.000Z

Gotcha, thought I'd ask before just going ahead and doing it.