Anonymous | Login | Signup for a new account | 27-12-24 09:43 CET |
Main | My View | View Issues | Change Log | Roadmap |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||
ID | Project | Category | View Status | Date Submitted | Last Update | |
0001900 | SphereServer | executable - generic | public | 28-01-11 17:54 | 24-07-14 18:08 | |
Reporter | Terrikate | |||||
Assigned To | XuN | |||||
Priority | normal | Severity | tweak | Reproducibility | always | |
Status | resolved | Resolution | fixed | |||
Platform | OS | OS Version | ||||
Product Version | ||||||
Target Version | Fixed in Version | 0.56c Nightly | ||||
Summary | 0001900: Skipping any control speech (including default spk_player) | |||||
Description | You can skip any sections speech check if the sentence begins with ()= | |||||
Tags | No tags attached. | |||||
Nightly Version | Automated (specify build number) | |||||
Experimental Flags | None | |||||
Option Flags | None | |||||
Internal Build Number | 1402 | |||||
Attached Files | ||||||
Notes | |
(0000880) MrSugarCube (administrator) 29-01-11 14:04 |
Do you have an example? Each of the following worked fine for me (in spk_player): ON=*boo* // accepts "boo", "()=boo", "(boo)", "boo()=" SYSMESSAGE You said *boo*! RETURN 2 ON=*boo // accepts "boo", "()=boo" SYSMESSAGE You said *boo! RETURN 2 ON=boo* // accepts "boo", "boo()=" SYSMESSAGE You said boo*! RETURN 2 |
(0000883) Terrikate (developer) 29-01-11 16:26 |
Sorry!. It is a failure of long ago and spoke from memory without remembering the exact failure ... The problem is the comparison with STRCMPI, STRCMP and STRMATCH. If you use the characters () = you skip the checks and fails on the console. EXAMPLE ON=* SERV.LOG <ARGS> IF (<SRC.FLAGS>&STATF_DEAD) IF !STRCMPI(<ARGS>,all come) ELSEIF !STRCMPI(<ARGS>,all stop) ELSEIF !STRCMPI(<ARGS>,navegacion) ELSE RETURN 1 ENDIF ENDIF 16:11:ERROR:(sphere_speech.scp,54)Undefined symbol 'SDGG' 16:11:(sphere_speech.scp,61)()=SDGG |
(0000884) Terrikate (developer) 29-01-11 16:27 |
Affect any system that uses comparisons. Another flaw is that the comparators allow the use of asterisks and question marks as wildcards, so if you put an * when you are asking for a 3 digit code will pass the test. Also if you put three characters of interrogations. |
(0000974) babidi (reporter) 23-03-11 09:01 |
can be a way to inject code this way? |
(0002365) XuN (developer) 23-07-14 19:47 |
Not happening me, can you still reproduce it? |
(0002367) XuN (developer) 24-07-14 18:08 |
Closed since there's no problem anymore. |
Issue History | |||
Date Modified | Username | Field | Change |
28-01-11 17:54 | Terrikate | New Issue | |
29-01-11 14:04 | MrSugarCube | Note Added: 0000880 | |
29-01-11 16:26 | Terrikate | Note Added: 0000883 | |
29-01-11 16:27 | Terrikate | Note Added: 0000884 | |
29-01-11 17:13 | MrSugarCube | Relationship added | parent of 0001739 |
29-01-11 17:14 | MrSugarCube | Relationship replaced | related to 0001739 |
23-03-11 09:01 | babidi | Note Added: 0000974 | |
23-07-14 19:47 | XuN | Note Added: 0002365 | |
24-07-14 18:08 | XuN | Note Added: 0002367 | |
24-07-14 18:08 | XuN | Status | new => resolved |
24-07-14 18:08 | XuN | Fixed in Version | => 0.56c Nightly |
24-07-14 18:08 | XuN | Resolution | open => fixed |
24-07-14 18:08 | XuN | Assigned To | => XuN |
Copyright © 2000 - 2010 MantisBT Group |