[Widelands-dev] [Merge] lp:~widelands-dev/widelands/bug-1784200-single-line-escaping into lp:widelands
The proposal to merge lp:~widelands-dev/widelands/bug-1784200-single-line-escaping into lp:widelands has been updated. Status: Needs review => Merged For more details, see: https://code.launchpad.net/~widelands-dev/widelands/bug-1784200-single-line-escaping/+merge/353446 -- Your team Widelands Developers is subscribed to branch lp:~widelands-dev/widelands/bug-1784200-single-line-escaping. ___ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp
Re: [Widelands-dev] [Merge] lp:~widelands-dev/widelands/bug-1784200-single-line-escaping into lp:widelands
Great, thanks! @bunnybot merge -- https://code.launchpad.net/~widelands-dev/widelands/bug-1784200-single-line-escaping/+merge/353446 Your team Widelands Developers is subscribed to branch lp:~widelands-dev/widelands/bug-1784200-single-line-escaping. ___ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp
Re: [Widelands-dev] [Merge] lp:~widelands-dev/widelands/bug-1784200-single-line-escaping into lp:widelands
How about "For reporting bugs, visit:"? Too keep it short. I have done some testing now and it's working, so this branch can go in once we have agreed on the string. -- https://code.launchpad.net/~widelands-dev/widelands/bug-1784200-single-line-escaping/+merge/353446 Your team Widelands Developers is subscribed to branch lp:~widelands-dev/widelands/bug-1784200-single-line-escaping. ___ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp
Re: [Widelands-dev] [Merge] lp:~widelands-dev/widelands/bug-1784200-single-line-escaping into lp:widelands
Thanks for the review. Interesting to know that we will move to GitHub. Since we are now only linking to instructions about how to report a bug, maybe change "Please report bugs at:" to "For instructions about how to report bugs, see:" ? -- https://code.launchpad.net/~widelands-dev/widelands/bug-1784200-single-line-escaping/+merge/353446 Your team Widelands Developers is subscribed to branch lp:~widelands-dev/widelands/bug-1784200-single-line-escaping. ___ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp
Re: [Widelands-dev] [Merge] lp:~widelands-dev/widelands/bug-1784200-single-line-escaping into lp:widelands
Review: Approve Code LGTM, not tested yet. I have added some string fixes. Links should not be translatable, and all links need to point to our own site, because we're planning to mover to GitHub after Build 20 comes out, and the Launchpad links will become invalid. -- https://code.launchpad.net/~widelands-dev/widelands/bug-1784200-single-line-escaping/+merge/353446 Your team Widelands Developers is subscribed to branch lp:~widelands-dev/widelands/bug-1784200-single-line-escaping. ___ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp
[Widelands-dev] [Merge] lp:~widelands-dev/widelands/bug-1784200-single-line-escaping into lp:widelands
Continuous integration builds have changed state: Travis build 3821. State: passed. Details: https://travis-ci.org/widelands/widelands/builds/418391546. Appveyor build 3620. State: success. Details: https://ci.appveyor.com/project/widelands-dev/widelands/build/_widelands_dev_widelands_bug_1784200_single_line_escaping-3620. -- https://code.launchpad.net/~widelands-dev/widelands/bug-1784200-single-line-escaping/+merge/353446 Your team Widelands Developers is subscribed to branch lp:~widelands-dev/widelands/bug-1784200-single-line-escaping. ___ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp
[Widelands-dev] [Merge] lp:~widelands-dev/widelands/bug-1784200-single-line-escaping into lp:widelands
Notabilis has proposed merging lp:~widelands-dev/widelands/bug-1784200-single-line-escaping into lp:widelands. Commit message: More strict sanitizing of chat messages. Printing a welcome message on joining the metaserver. Requested reviews: GunChleoc (gunchleoc) Related bugs: Bug #1784200 in widelands: "clash with font renderer and server messages?" https://bugs.launchpad.net/widelands/+bug/1784200 For more details, see: https://code.launchpad.net/~widelands-dev/widelands/bug-1784200-single-line-escaping/+merge/353446 More strict sanitizing of chat messages to avoid future bugs with formatted text. All characters are now displayed as they are entered and are no longer interpreted as richtext. Also, printing a message when joining the metaserver lobby, similar to the previous message send by the metaserver. -- Your team Widelands Developers is subscribed to branch lp:~widelands-dev/widelands/bug-1784200-single-line-escaping. === modified file 'src/network/internet_gaming.cc' --- src/network/internet_gaming.cc 2018-05-03 14:24:27 + +++ src/network/internet_gaming.cc 2018-08-20 19:15:14 + @@ -367,6 +367,7 @@ } else if (cmd == IGPCMD_LOGIN) { // Clients request to login was granted + format_and_add_chat("", "", true, _("Welcome on the Widelands Metaserver!")); const std::string assigned_name = packet.string(); if (clientname_ != assigned_name) { format_and_add_chat( @@ -383,6 +384,10 @@ reg_ = false; authenticator_ = crypto::sha1(clientname_ + authenticator_); } + format_and_add_chat("", "", true, _("Our forums can be found at:")); + format_and_add_chat("", "", true, _("https://wl.widelands.org/forum/;)); + format_and_add_chat("", "", true, _("Please report bugs at:")); + format_and_add_chat("", "", true, _("https://launchpad.net/widelands;)); state_ = LOBBY; log("InternetGaming: Client %s logged in.\n", clientname_.c_str()); return; === modified file 'src/wui/chat_msg_layout.cc' --- src/wui/chat_msg_layout.cc 2018-04-07 16:59:00 + +++ src/wui/chat_msg_layout.cc 2018-08-20 19:15:14 + @@ -46,7 +46,7 @@ const std::string& font_face = "serif"; std::string message = ""; - std::string sanitized = sanitize_message(chat_message); + std::string sanitized = richtext_escape(chat_message.msg); // time calculation char ts[13]; @@ -99,49 +99,3 @@ // return the formated message return message + ""; } - -std::string sanitize_message(const ChatMessage& chat_message) { - // Escape richtext characters - // The goal of this code is two-fold: - // 1. Assuming an honest game host, we want to prevent the ability of - // clients to use richtext. - // 2. Assuming a malicious host or meta server, we want to reduce the - // likelihood that a bug in the richtext renderer can be exploited, - // by restricting the set of allowed richtext commands. - // Most notably, images are not allowed in richtext at all. - // - // Note that we do want host and meta server to send some richtext code, - // as the ability to send formatted commands is nice for the usability - // of meta server so we're treading a bit of a fine line here. - - if (chat_message.playern >= 0) { - return richtext_escape(chat_message.msg); - } - - std::string sanitized; - for (std::string::size_type pos = 0; pos < chat_message.msg.size(); ++pos) { - if (chat_message.msg[pos] == '<') { - static const std::string good1 = "', pos + good1.size()); -if (nextclose != std::string::npos && -(nextclose == pos + good1.size() || chat_message.msg[pos + good1.size()] == ' ')) { - sanitized += good1; - pos += good1.size() - 1; - continue; -} - } else if (!chat_message.msg.compare(pos, good2.size(), good2)) { -sanitized += good2; -pos += good2.size() - 1; -continue; - } - - sanitized += ""; - } else { - sanitized += chat_message.msg[pos]; - } - } - return sanitized; -} === modified file 'src/wui/chat_msg_layout.h' --- src/wui/chat_msg_layout.h 2018-04-07 16:59:00 + +++ src/wui/chat_msg_layout.h 2018-08-20 19:15:14 + @@ -25,6 +25,4 @@ // Formats 'chat_message' as richtext. std::string format_as_richtext(const ChatMessage& chat_message); -std::string sanitize_message(const ChatMessage& chat_message); - #endif // end of include guard: WL_WUI_CHAT_MSG_LAYOUT_H ___ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp