diff --git a/src/votelogger.cpp b/src/votelogger.cpp
index 5e39886d..b53c6c57 100644
--- a/src/votelogger.cpp
+++ b/src/votelogger.cpp
@@ -53,15 +53,25 @@ void dispatchUserMessage(bf_read &buffer, int type)
 auto &pl = playerlist::AccessData(info.friendsID);
 if (*vote_kickn && pl.state != playerlist::k_EState::RAGE && pl.state != playerlist::k_EState::DEFAULT)
 g_IEngine->ClientCmd_Unrestricted("vote option2");
- else if (*vote_kicky && pl.state == playerlist::k_EState::RAGE || pl.state == playerlist::k_EState::DEFAULT)
+ else if (*vote_kicky && (pl.state == playerlist::k_EState::RAGE || pl.state == playerlist::k_EState::DEFAULT))
 g_IEngine->ClientCmd_Unrestricted("vote option1");
 }
 if (*party_say && g_IEngine->GetPlayerInfo(caller, &info2))
 {
+ char formated_string[512];
 // because tf2 is stupid and doesn't have escape characters,
 // use the greek question marks instead. big brain.
- // Clang-format why, TODO: Don't use format func
- g_IEngine->ExecuteClientCmd(format("say_party [CAT] votekick called: ", boost::replace_all_copy((std::string) info2.name, ";", ";"), " => ", boost::replace_all_copy((std::string) info.name, ";", ";"), " (", reason, ")").c_str());
+ std::string kicked_name(info.name), caller_name(info2.name);
+ /* ';' (0x3B) regular replaced with unicode analog ';' (0xCD 0xBE)
+ * to prevent exploits (by crafting name such that it executes command)
+ * and output message properly
+ * TO DO: Saner way to accomplish same */
+ ReplaceString(kicked_name, ";", ";");
+ ReplaceString(caller_name, ";", ";");
+ std::snprintf(formated_string, sizeof(formated_string),
+ "say_party [CAT] votekick called: %s => %s (%s)",
+ caller_name.c_str(), kicked_name.c_str(), reason);
+ g_IEngine->ExecuteClientCmd(formated_string);
 }
 logging::Info("Vote called to kick %s [U:1:%u] for %s", name, steamID, reason);
 break;
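Review bot: The new sanitising step covers only `kicked_name` and `caller_name`, while `reason` is still interpolated unfiltered into the string handed to `ExecuteClientCmd`; its origin is outside the hunk, but if it is read from the same user message it should get the same treatment, e.g. `std::string reason_str(reason); ReplaceString(reason_str, ";", "\xCD\xBE");`. Spelling the replacement as the byte escape `"\xCD\xBE"` (the bytes named in the added comment) would also harden the two existing calls, because the look-alike character is canonically equivalent to ';' and any editor or tool that normalises the file would silently turn the replacement into a no-op. A single-character denylist is fragile for player-controlled names, so the "saner way" the TO DO asks for could be one small helper that also drops control characters and double quotes, applied to every interpolated value. dispatchUserMessage starts and ends outside the hunk, so the declaration and source of `reason` could not be checked.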