5 in a row!
Some of you know of the 'JA Haxxor Toolkit' and its features..
Well, one of these features is a multi-lined name (You can also make it look like someone else said something)
So, an effective way to combat this? Simple.
Adapt your Info_Validate to look like this...
Code:
static const char badChars[] = { '\n', '\r', '\"', ';' };
qboolean Info_Validate( const char *s ) {
int i = 0;
for (i=0; i<sizeof(badChars); i++)
if ( strchr( s, badChars[i] ) )
return qfalse;
return qtrue;
}
That should effectively remove carriage returns, line breaks, semicolons and quotation marks from any field in the userinfo string (Client names are kept in their userinfo string)
EDIT: Silly me, you should also perform this check in the say function (G_Say or something in g_cmds.c)
EDIT: I suppose the semi-logical thing would be to remove all instances of those characters in the string, and afterwards check if there are any characters remaining in the string (To prevent a free method of getting a blank name/etc)