diff options
| author | flow <flowlnlnln@gmail.com> | 2023-01-31 15:01:25 -0300 |
|---|---|---|
| committer | flow <flowlnlnln@gmail.com> | 2023-02-02 17:11:24 -0300 |
| commit | 4166d9ab7b4ce374e2705f2f8ed22101d3d5f48c (patch) | |
| tree | 641cd33cfc0706fec1645be3617f4f1824891657 | |
| parent | 435273e08a3cf6cb8197acabb31b1d4889a87254 (diff) | |
| download | PrismLauncher-4166d9ab7b4ce374e2705f2f8ed22101d3d5f48c.tar.gz PrismLauncher-4166d9ab7b4ce374e2705f2f8ed22101d3d5f48c.tar.bz2 PrismLauncher-4166d9ab7b4ce374e2705f2f8ed22101d3d5f48c.zip | |
fix: give error when components have bad uids
This allows other code to reject proceeding when the UID is bad, which
is generally a good idea. :p
Co-authored-by: Sefa Eyeoglu <contact@scrumplex.net>
Signed-off-by: flow <flowlnlnln@gmail.com>
| -rw-r--r-- | launcher/minecraft/OneSixVersionFormat.cpp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/launcher/minecraft/OneSixVersionFormat.cpp b/launcher/minecraft/OneSixVersionFormat.cpp index 280f6b26..c2e33f4b 100644 --- a/launcher/minecraft/OneSixVersionFormat.cpp +++ b/launcher/minecraft/OneSixVersionFormat.cpp @@ -39,6 +39,8 @@ #include "minecraft/ParseUtils.h" #include <minecraft/MojangVersionFormat.h> +#include <QRegularExpression> + using namespace Json; static void readString(const QJsonObject &root, const QString &key, QString &variable) @@ -121,6 +123,15 @@ VersionFilePtr OneSixVersionFormat::versionFileFromJson(const QJsonDocument &doc out->uid = root.value("fileId").toString(); } + const QRegularExpression valid_uid_regex{ QRegularExpression::anchoredPattern(QStringLiteral(R"(\w+(?:\.\w+)*)")) }; + if (!valid_uid_regex.match(out->uid).hasMatch()) { + qCritical() << "The component's 'uid' contains illegal characters! UID:" << out->uid; + out->addProblem( + ProblemSeverity::Error, + QObject::tr("The component's 'uid' contains illegal characters! This can cause security issues.") + ); + } + out->version = root.value("version").toString(); MojangVersionFormat::readVersionProperties(root, out.get()); |