implement max lengths for input dialogs that are sent to the server (#4522)

* implement max lengths for input dialogs that are sent to the server

* missed a double setMaxLength

* implement max string lengths server side

* add custom getText dialog with max length

* fix deck storage tab and miscellaneous server side

* add max size for deck uploads

* final pass on client side limits
ebbit1q 2022-01-16 23:57:01 +01:00 committed by GitHub
parent d61c604bf4
commit 994704d353
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
37 changed files with 564 additions and 348 deletions


@ -79,6 +79,7 @@
#include "server_database_interface.h"
#include "server_game.h"
#include "server_room.h"
#include "stringsizes.h"
#include <QDebug>
#include <algorithm>
@ -214,8 +215,8 @@ void Server_Player::setupZones()
const QList<MoveCard_ToZone> &sideboardPlan = deck->getCurrentSideboardPlan();
for (const auto &m : sideboardPlan) {
const QString startZone = QString::fromStdString(m.start_zone());
const QString targetZone = QString::fromStdString(m.target_zone());
const QString startZone = nameFromStdString(m.start_zone());
const QString targetZone = nameFromStdString(m.target_zone());
Server_CardZone *start, *target;
if (startZone == DECK_ZONE_MAIN) {
@ -234,7 +235,7 @@ void Server_Player::setupZones()
}
for (int j = 0; j < start->getCards().size(); ++j) {
if (start->getCards()[j]->getName() == QString::fromStdString(m.card_name())) {
if (start->getCards()[j]->getName() == nameFromStdString(m.card_name())) {
Server_Card *card = start->getCard(j, nullptr, true);
target->insertCard(card, -1, 0);
break;
@ -715,7 +716,7 @@ Server_Player::cmdDeckSelect(const Command_DeckSelect &cmd, ResponseContainer &r
return r;
}
} else {
newDeck = new DeckList(QString::fromStdString(cmd.deck()));
newDeck = new DeckList(fileFromStdString(cmd.deck()));
}
if (!newDeck) {
@ -928,7 +929,7 @@ Server_Player::cmdGameSay(const Command_GameSay &cmd, ResponseContainer & /*rc*/
game->getRoom()->getServer()->getDatabaseInterface()->logMessage(
userInfo->id(), QString::fromStdString(userInfo->name()), QString::fromStdString(userInfo->address()),
QString::fromStdString(cmd.message()), Server_DatabaseInterface::MessageTargetGame, game->getGameId(),
textFromStdString(cmd.message()), Server_DatabaseInterface::MessageTargetGame, game->getGameId(),
game->getDescription());
return Response::RespOk;
@ -1092,7 +1093,7 @@ Server_Player::cmdMoveCard(const Command_MoveCard &cmd, ResponseContainer & /*rc
if (!startPlayer) {
return Response::RespNameNotFound;
}
Server_CardZone *startZone = startPlayer->getZones().value(QString::fromStdString(cmd.start_zone()));
Server_CardZone *startZone = startPlayer->getZones().value(nameFromStdString(cmd.start_zone()));
if (!startZone) {
return Response::RespNameNotFound;
}
@ -1105,7 +1106,7 @@ Server_Player::cmdMoveCard(const Command_MoveCard &cmd, ResponseContainer & /*rc
if (!targetPlayer) {
return Response::RespNameNotFound;
}
Server_CardZone *targetZone = targetPlayer->getZones().value(QString::fromStdString(cmd.target_zone()));
Server_CardZone *targetZone = targetPlayer->getZones().value(nameFromStdString(cmd.target_zone()));
if (!targetZone) {
return Response::RespNameNotFound;
}
@ -1136,7 +1137,7 @@ Server_Player::cmdFlipCard(const Command_FlipCard &cmd, ResponseContainer & /*rc
return Response::RespContextError;
}
Server_CardZone *zone = zones.value(QString::fromStdString(cmd.zone()));
Server_CardZone *zone = zones.value(nameFromStdString(cmd.zone()));
if (!zone) {
return Response::RespNameNotFound;
}
@ -1165,7 +1166,7 @@ Server_Player::cmdFlipCard(const Command_FlipCard &cmd, ResponseContainer & /*rc
event.set_face_down(faceDown);
ges.enqueueGameEvent(event, playerId);
QString ptString = QString::fromStdString(cmd.pt());
QString ptString = nameFromStdString(cmd.pt());
if (!ptString.isEmpty() && !faceDown) {
setCardAttrHelper(ges, playerId, zone->getName(), card->getId(), AttrPT, ptString);
}
@ -1187,7 +1188,7 @@ Server_Player::cmdAttachCard(const Command_AttachCard &cmd, ResponseContainer &
return Response::RespContextError;
}
Server_CardZone *startzone = zones.value(QString::fromStdString(cmd.start_zone()));
Server_CardZone *startzone = zones.value(nameFromStdString(cmd.start_zone()));
if (!startzone) {
return Response::RespNameNotFound;
}
@ -1210,7 +1211,7 @@ Server_Player::cmdAttachCard(const Command_AttachCard &cmd, ResponseContainer &
return Response::RespContextError;
}
if (targetPlayer) {
targetzone = targetPlayer->getZones().value(QString::fromStdString(cmd.target_zone()));
targetzone = targetPlayer->getZones().value(nameFromStdString(cmd.target_zone()));
}
if (targetzone) {
// This is currently enough to make sure cards don't get attached to a card that is not on the table.
@ -1305,12 +1306,12 @@ Server_Player::cmdCreateToken(const Command_CreateToken &cmd, ResponseContainer
return Response::RespContextError;
}
Server_CardZone *zone = zones.value(QString::fromStdString(cmd.zone()));
Server_CardZone *zone = zones.value(nameFromStdString(cmd.zone()));
if (!zone) {
return Response::RespNameNotFound;
}
QString cardName = QString::fromStdString(cmd.card_name());
QString cardName = nameFromStdString(cmd.card_name());
int xCoord = cmd.x();
int yCoord = cmd.y();
if (zone->hasCoords()) {
@ -1325,9 +1326,9 @@ Server_Player::cmdCreateToken(const Command_CreateToken &cmd, ResponseContainer
auto *card = new Server_Card(cardName, newCardId(), xCoord, yCoord);
card->moveToThread(thread());
card->setPT(QString::fromStdString(cmd.pt()));
card->setColor(QString::fromStdString(cmd.color()));
card->setAnnotation(QString::fromStdString(cmd.annotation()));
card->setPT(nameFromStdString(cmd.pt()));
card->setColor(nameFromStdString(cmd.color()));
card->setAnnotation(nameFromStdString(cmd.annotation()));
card->setDestroyOnZoneChange(cmd.destroy_on_zone_change());
zone->insertCard(card, xCoord, yCoord);
@ -1379,12 +1380,12 @@ Server_Player::cmdCreateArrow(const Command_CreateArrow &cmd, ResponseContainer
if (!startPlayer || !targetPlayer) {
return Response::RespNameNotFound;
}
QString startZoneName = QString::fromStdString(cmd.start_zone());
QString startZoneName = nameFromStdString(cmd.start_zone());
Server_CardZone *startZone = startPlayer->getZones().value(startZoneName);
bool playerTarget = !cmd.has_target_zone();
Server_CardZone *targetZone = nullptr;
if (!playerTarget) {
targetZone = targetPlayer->getZones().value(QString::fromStdString(cmd.target_zone()));
targetZone = targetPlayer->getZones().value(nameFromStdString(cmd.target_zone()));
}
if (!startZone || (!targetZone && !playerTarget)) {
return Response::RespNameNotFound;
@ -1481,8 +1482,8 @@ Server_Player::cmdSetCardAttr(const Command_SetCardAttr &cmd, ResponseContainer
return Response::RespContextError;
}
return setCardAttrHelper(ges, playerId, QString::fromStdString(cmd.zone()), cmd.card_id(), cmd.attribute(),
QString::fromStdString(cmd.attr_value()));
return setCardAttrHelper(ges, playerId, nameFromStdString(cmd.zone()), cmd.card_id(), cmd.attribute(),
nameFromStdString(cmd.attr_value()));
}
Response::ResponseCode
@ -1499,7 +1500,7 @@ Server_Player::cmdSetCardCounter(const Command_SetCardCounter &cmd, ResponseCont
return Response::RespContextError;
}
Server_CardZone *zone = zones.value(QString::fromStdString(cmd.zone()));
Server_CardZone *zone = zones.value(nameFromStdString(cmd.zone()));
if (!zone) {
return Response::RespNameNotFound;
}
@ -1538,7 +1539,7 @@ Server_Player::cmdIncCardCounter(const Command_IncCardCounter &cmd, ResponseCont
return Response::RespContextError;
}
Server_CardZone *zone = zones.value(QString::fromStdString(cmd.zone()));
Server_CardZone *zone = zones.value(nameFromStdString(cmd.zone()));
if (!zone) {
return Response::RespNameNotFound;
}
@ -1607,7 +1608,7 @@ Server_Player::cmdCreateCounter(const Command_CreateCounter &cmd, ResponseContai
return Response::RespContextError;
}
auto *c = new Server_Counter(newCounterId(), QString::fromStdString(cmd.counter_name()), cmd.counter_color(),
auto *c = new Server_Counter(newCounterId(), nameFromStdString(cmd.counter_name()), cmd.counter_color(),
cmd.radius(), cmd.value());
addCounter(c);
@ -1739,7 +1740,7 @@ Server_Player::cmdDumpZone(const Command_DumpZone &cmd, ResponseContainer &rc, G
if (!otherPlayer) {
return Response::RespNameNotFound;
}
Server_CardZone *zone = otherPlayer->getZones().value(QString::fromStdString(cmd.zone_name()));
Server_CardZone *zone = otherPlayer->getZones().value(nameFromStdString(cmd.zone_name()));
if (!zone) {
return Response::RespNameNotFound;
}
@ -1824,7 +1825,7 @@ Server_Player::cmdRevealCards(const Command_RevealCards &cmd, ResponseContainer
if (!otherPlayer)
return Response::RespNameNotFound;
}
Server_CardZone *zone = zones.value(QString::fromStdString(cmd.zone_name()));
Server_CardZone *zone = zones.value(nameFromStdString(cmd.zone_name()));
if (!zone) {
return Response::RespNameNotFound;
}
@ -1922,7 +1923,7 @@ Response::ResponseCode Server_Player::cmdChangeZoneProperties(const Command_Chan
ResponseContainer & /* rc */,
GameEventStorage &ges)
{
Server_CardZone *zone = zones.value(QString::fromStdString(cmd.zone_name()));
Server_CardZone *zone = zones.value(nameFromStdString(cmd.zone_name()));
if (!zone) {
return Response::RespNameNotFound;
}
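Review bot: In cmdDeckSelect, `new DeckList(fileFromStdString(cmd.deck()))` silently cuts an over-limit deck at MAX_FILE_LENGTH bytes and still hands the shortened text to DeckList, so an oversized upload appears to be accepted as a partial deck rather than refused. An explicit size check before the conversion would make the limit visible to the client, for example `if (cmd.deck().size() > size_t(MAX_FILE_LENGTH)) return Response::RespContextError;` ahead of that line. The response code is only a suggestion, since the function's other error paths lie outside the hunk. The zone and card-name lookups in the other hunks are less of a concern, because a truncated name simply fails to match.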


@ -20,6 +20,7 @@
#include "server_game.h"
#include "server_player.h"
#include "server_room.h"
#include "stringsizes.h"
#include <QDateTime>
#include <QDebug>
@ -440,16 +441,16 @@ Response::ResponseCode Server_ProtocolHandler::cmdPing(const Command_Ping & /*cm
Response::ResponseCode Server_ProtocolHandler::cmdLogin(const Command_Login &cmd, ResponseContainer &rc)
{
QString userName = QString::fromStdString(cmd.user_name()).simplified();
QString clientId = QString::fromStdString(cmd.clientid()).simplified();
QString clientVersion = QString::fromStdString(cmd.clientver()).simplified();
QString userName = nameFromStdString(cmd.user_name()).simplified();
QString clientId = nameFromStdString(cmd.clientid()).simplified();
QString clientVersion = nameFromStdString(cmd.clientver()).simplified();
QString password;
bool needsHash = false;
if (cmd.has_password()) {
password = QString::fromStdString(cmd.password());
password = nameFromStdString(cmd.password());
needsHash = true;
} else {
password = QString::fromStdString(cmd.hashed_password());
password = nameFromStdString(cmd.hashed_password());
}
if (userInfo != 0) {
@ -461,8 +462,9 @@ Response::ResponseCode Server_ProtocolHandler::cmdLogin(const Command_Login &cmd
QMap<QString, bool> receivedClientFeatures;
QMap<QString, bool> missingClientFeatures;
for (int i = 0; i < cmd.clientfeatures().size(); ++i) {
receivedClientFeatures.insert(QString::fromStdString(cmd.clientfeatures(i)).simplified(), false);
int featureCount = qMin(cmd.clientfeatures().size(), MAX_NAME_LENGTH);
for (int i = 0; i < featureCount; ++i) {
receivedClientFeatures.insert(nameFromStdString(cmd.clientfeatures(i)).simplified(), false);
}
missingClientFeatures =
@ -563,7 +565,7 @@ Response::ResponseCode Server_ProtocolHandler::cmdMessage(const Command_Message
QReadLocker locker(&server->clientsLock);
QString receiver = QString::fromStdString(cmd.user_name());
QString receiver = nameFromStdString(cmd.user_name());
Server_AbstractUserInterface *userInterface = server->findUser(receiver);
if (!userInterface) {
return Response::RespNameNotFound;
@ -577,7 +579,7 @@ Response::ResponseCode Server_ProtocolHandler::cmdMessage(const Command_Message
Event_UserMessage event;
event.set_sender_name(userInfo->name());
event.set_receiver_name(cmd.user_name());
event.set_receiver_name(receiver.toStdString());
event.set_message(cmd.message());
SessionEvent *se = prepareSessionEvent(event);
@ -608,7 +610,7 @@ Response::ResponseCode Server_ProtocolHandler::cmdGetGamesOfUser(const Command_G
Server_Room *room = roomIterator.next().value();
room->gamesLock.lockForRead();
room->getInfo(*re->add_room_list(), false, true);
QListIterator<ServerInfo_Game> gameIterator(room->getGamesOfUser(QString::fromStdString(cmd.user_name())));
QListIterator<ServerInfo_Game> gameIterator(room->getGamesOfUser(nameFromStdString(cmd.user_name())));
while (gameIterator.hasNext())
re->add_game_list()->CopyFrom(gameIterator.next());
room->gamesLock.unlock();
@ -624,7 +626,7 @@ Response::ResponseCode Server_ProtocolHandler::cmdGetUserInfo(const Command_GetU
if (authState == NotLoggedIn)
return Response::RespLoginNeeded;
QString userName = QString::fromStdString(cmd.user_name());
QString userName = nameFromStdString(cmd.user_name());
Response_GetUserInfo *re = new Response_GetUserInfo;
if (userName.isEmpty())
re->mutable_user_info()->CopyFrom(*userInfo);
@ -765,11 +767,11 @@ bool Server_ProtocolHandler::addSaidMessageSize(int size)
Response::ResponseCode
Server_ProtocolHandler::cmdRoomSay(const Command_RoomSay &cmd, Server_Room *room, ResponseContainer & /*rc*/)
{
QString msg = QString::fromStdString(cmd.message());
if (!addSaidMessageSize(msg.size())) {
if (!addSaidMessageSize(cmd.message().size())) {
return Response::RespChatFlood;
}
QString msg = QString::fromStdString(cmd.message());
msg.replace(QChar('\n'), QChar(' '));
room->say(QString::fromStdString(userInfo->name()), msg);
@ -807,18 +809,19 @@ Server_ProtocolHandler::cmdCreateGame(const Command_CreateGame &cmd, Server_Room
}
QList<int> gameTypes;
for (int i = cmd.game_type_ids_size() - 1; i >= 0; --i) { // FIXME: why are these iterated in reverse?
int gameTypeCount = qMin(cmd.game_type_ids().size(), MAX_NAME_LENGTH);
for (int i = 0; i < gameTypeCount; ++i) { // the client actually only sends one of these
gameTypes.append(cmd.game_type_ids(i));
}
QString description = QString::fromStdString(cmd.description()).left(60);
QString description = nameFromStdString(cmd.description());
// When server doesn't permit registered users to exist, do not honor only-reg setting
bool onlyRegisteredUsers = cmd.only_registered() && (server->permitUnregisteredUsers());
Server_Game *game = new Server_Game(
copyUserInfo(false), gameId, description, QString::fromStdString(cmd.password()), cmd.max_players(), gameTypes,
cmd.only_buddies(), onlyRegisteredUsers, cmd.spectators_allowed(), cmd.spectators_need_password(),
cmd.spectators_can_talk(), cmd.spectators_see_everything(), room);
Server_Game *game = new Server_Game(copyUserInfo(false), gameId, description, nameFromStdString(cmd.password()),
cmd.max_players(), gameTypes, cmd.only_buddies(), onlyRegisteredUsers,
cmd.spectators_allowed(), cmd.spectators_need_password(),
cmd.spectators_can_talk(), cmd.spectators_see_everything(), room);
game->addPlayer(this, rc, asSpectator, asJudge, false);
room->addGame(game);
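Review bot: The message bodies still pass through at full length in the visible lines: cmdMessage forwards `cmd.message()` unchanged into Event_UserMessage, and cmdRoomSay builds `msg` with `QString::fromStdString(cmd.message())`, while only the receiver name is bounded. Unless a length check exists outside these hunks, `event.set_message(textFromStdString(cmd.message()).toStdString());` and `QString msg = textFromStdString(cmd.message());` would apply MAX_TEXT_LENGTH to both paths. Separately, `qMin(cmd.clientfeatures().size(), MAX_NAME_LENGTH)` and the game_type_ids loop reuse a string-length constant as an element-count cap. A dedicated named constant for list sizes would state the intent and let the two limits change independently.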


@ -11,6 +11,7 @@
#include "pb/serverinfo_room.pb.h"
#include "server_game.h"
#include "server_protocolhandler.h"
#include "stringsizes.h"
#include <QDateTime>
#include <QDebug>
@ -264,9 +265,8 @@ Response::ResponseCode Server_Room::processJoinGameCommand(const Command_JoinGam
QMutexLocker gameLocker(&game->gameMutex);
Response::ResponseCode result =
game->checkJoin(userInterface->getUserInfo(), QString::fromStdString(cmd.password()), cmd.spectator(),
cmd.override_restrictions(), cmd.join_as_judge());
Response::ResponseCode result = game->checkJoin(userInterface->getUserInfo(), nameFromStdString(cmd.password()),
cmd.spectator(), cmd.override_restrictions(), cmd.join_as_judge());
if (result == Response::RespOk)
game->addPlayer(userInterface, rc, cmd.spectator(), cmd.join_as_judge());

29
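--- a/common/stringsizes.h
+++ b/common/stringsizes.h
@@ -0,0 +1,29 @@
+// max sizes of strings used in the protocol
+#ifndef STRINGSIZES_H
+#define STRINGSIZES_H
+#include <QString>
+#include <QtMath>
+// max size for short strings, like names and things that are generally a single phrase
+constexpr int MAX_NAME_LENGTH = 0xff;
+// max size for chat messages and text contents
+constexpr int MAX_TEXT_LENGTH = 0xfff;
+// max size for deck files and pictures
+constexpr int MAX_FILE_LENGTH = 0xfffff; // about a megabyte
+// optimized functions to get qstrings that are at most that long
+static inline QString nameFromStdString(const std::string &_string)
+{
+return QString::fromUtf8(_string.data(), std::min(int(_string.size()), MAX_NAME_LENGTH));
+}
+static inline QString textFromStdString(const std::string &_string)
+{
+return QString::fromUtf8(_string.data(), std::min(int(_string.size()), MAX_TEXT_LENGTH));
+}
+static inline QString fileFromStdString(const std::string &_string)
+{
+return QString::fromUtf8(_string.data(), std::min(int(_string.size()), MAX_FILE_LENGTH));
+}
+#endif // STRINGSIZES_H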
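Review bot: All three helpers narrow `_string.size()` to `int` before clamping it, so a length above INT_MAX would turn negative and the clamp would no longer bound the read. Clamping in `size_t` first avoids that: `int(std::min(_string.size(), size_t(MAX_NAME_LENGTH)))`, and likewise for the text and file variants. The limits are also counted in UTF-8 bytes, so a cut can land inside a multi-byte sequence and leave a replacement character at the end of the QString. The header comment should say the sizes are bytes rather than characters, since any client-side limit that counts characters will not line up with them for non-ASCII input. `std::min` and `std::string` are used without including `<algorithm>` and `<string>`, so the header currently relies on transitive includes.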