From 360660947b8137fba78981932de6b503b9889e62 Mon Sep 17 00:00:00 2001
From: kwolekr <kwolekr@minetest.net>
Date: Sun, 30 Nov 2014 19:01:37 -0500
Subject: [PATCH] LuaSettings: Sanitize setting name strings

---
 src/script/lua_api/l_settings.cpp |  2 +-
 src/settings.cpp                  | 10 ++++++++++
 src/settings.h                    |  1 +
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/script/lua_api/l_settings.cpp b/src/script/lua_api/l_settings.cpp
index 13a88ee95..c2c6f009d 100644
--- a/src/script/lua_api/l_settings.cpp
+++ b/src/script/lua_api/l_settings.cpp
@@ -73,7 +73,7 @@ int LuaSettings::l_set(lua_State* L)
 	std::string key = std::string(luaL_checkstring(L, 2));
 	const char* value = luaL_checkstring(L, 3);
 
-	o->m_settings->set(key, value);
+	o->m_settings->set(Settings::sanitizeString(key), value);
 
 	return 1;
 }
diff --git a/src/settings.cpp b/src/settings.cpp
index 9485c7d74..34348cc06 100644
--- a/src/settings.cpp
+++ b/src/settings.cpp
@@ -63,6 +63,16 @@ Settings & Settings::operator = (const Settings &other)
 }
 
 
+std::string Settings::sanitizeString(const std::string &value)
+{
+	std::string str = value;
+	for (const char *s = "\t\n\v\f\r\b =\""; *s; s++)
+		str.erase(std::remove(str.begin(), str.end(), *s), str.end());
+
+	return str;
+}
+
+
 std::string Settings::getMultiline(std::istream &is)
 {
 	std::string value;
diff --git a/src/settings.h b/src/settings.h
index d0bd203d3..542fae2a4 100644
--- a/src/settings.h
+++ b/src/settings.h
@@ -117,6 +117,7 @@ class Settings {
 		const std::string &end, u32 tab_depth=0);
 
 	static std::string getMultiline(std::istream &is);
+	static std::string sanitizeString(const std::string &value);
 	static void printValue(std::ostream &os, const std::string &name,
 		const SettingsEntry &entry, bool is_value_multiline, u32 tab_depth=0);
 
-- 
GitLab