feat(security): sanitize the participants' names

The `name` property of a participant should probably be changed to `identifier`.
We might then add a (not necessarily unique) name for display only.

This is bad, since the regex will obliterate any non-Latin character.
Need to check if `\P{Letter}` is supported in Godot.
master
Dominique Merle 2 years ago
parent
commit
2cc30b1afb

8
addons/majority_judgment/MajorityJudgmentParticipant.gd

@ -17,7 +17,12 @@ static func make(__name):
func set_name(__name:String) -> void:
# FIXME: sanitize
var invalid = RegEx.new()
invalid.compile("[^a-zA-Z0-9+._-]+")
__name = invalid.sub(__name, '', true)
__name = __name.substr(0, min(__name.length(), 20))
if "" == __name:
printerr("Participant name is empty!")
name = __name
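Review bot: In `set_name`, the empty-name branch only calls `printerr` and then falls through to `name = __name`, so a name made up entirely of characters outside `[a-zA-Z0-9+._-]` (any non-Latin name, as the commit message notes) is stored as an empty string. Return early or substitute a fallback there instead of assigning it. Stripping characters and truncating to 20 can also map different inputs to the same value, so the result should not be relied on for uniqueness if `name` ends up serving as an identifier. The literal 20 would read better as a named constant, and the `# FIXME: sanitize` comment should be updated to say what is still outstanding.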
@ -25,3 +30,4 @@ func get_name() -> String:
if null == name:
return 'Anonymous'
return name
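Review bot: The `null == name` check in `get_name` does not cover the empty string, which `set_name` can assign after sanitizing, so callers receive `""` rather than 'Anonymous'. Consider testing for both, for example `if null == name or "" == name:`.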