Add cl_allow_downloads

This variable controls which file extensions a client/server can download/upload from/to the server/client.
QW-Group · Dec 31, 2024 · 41852d4 · 41852d4
1 parent b276b1d
commit 41852d4
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 3 deletions.
diff --git a/help_variables.json b/help_variables.json
@@ -1037,6 +1037,12 @@
         }
       ]
     },
+    "cl_allow_downloads": {
+      "default": "bsp,lmp,loc,mdl,mvd,pcx,spr,wad,wav",
+      "desc": "This variable controls which file extensions a client/server can download/upload from/to the server/client.",
+      "group-id": "9",
+      "type": "string"
+    },
     "cl_anglespeedkey": {
       "default": "1.5",
       "desc": "This variable sets multiplier by which your \"cl_yawspeed\" (how fast you turn) is multiplied when running (+speed).",

diff --git a/src/cl_cmd.c b/src/cl_cmd.c
@@ -626,14 +626,30 @@ void CL_Rcon_f (void) {
 
 qbool CL_Download_Accept(const char *filename)
 {
+	char *str, *tmp, *ext;
+	qbool is_valid = false;
+	extern cvar_t cl_allow_downloads;
+
 	if (strstr(filename, "..") || !strcmp(filename, "") || filename[0] == '/' || strchr(filename, '\\') || strchr(filename, ':') || strstr(filename, "//")) {
 		Com_Printf("Warning: Invalid characters in filename \"%s\"\n", filename);
 		return false;
 	}
 
-	const char *tmp = strrchr(filename, '.');
-	if (tmp != NULL && (!strcasecmp(tmp, ".dll") || !strcasecmp(tmp, ".so"))) {
-		Com_Printf("Warning: Non-allowed file \"%s\" skipped\n", filename);
+	ext = COM_FileExtension(filename);
+	str = Q_strdup(cl_allow_downloads.string);
+	tmp = strtok(str, ",");
+	while (tmp != NULL) {
+		if (strcmp(ext, tmp) == 0) {
+			is_valid = true;
+			break;
+		}
+
+		tmp = strtok(NULL, ",");
+	}
+	Q_free(str);
+
+	if (!is_valid) {
+		Com_Printf("Warning: Non-allowed file \"%s\" skipped. Add \"%s\" to cl_allow_download_file_extensions to allow the file to be downloaded\n", filename, ext);
 		return false;
 	}
 

diff --git a/src/cmd.c b/src/cmd.c
@@ -68,6 +68,8 @@ cvar_t cl_remote_capabilities = {"cl_remote_capabilities", REMOTE_CAPABILITIES,
 				   OnChange_remote_capabilities};
 hashtable_t *rc_hash;
 
+cvar_t cl_allow_downloads = {"cl_allow_downloads", "bsp,lmp,loc,mdl,mvd,pcx,spr,wad,wav"};
+
 cbuf_t cbuf_main;
 cbuf_t cbuf_svc;
 cbuf_t cbuf_safe, cbuf_formatted_comms;
@@ -2493,6 +2495,7 @@ void Cmd_Init (void)
 	Cvar_Register(&cl_curlybraces);
 	Cvar_Register(&cl_warnexec);
 	Cvar_Register(&cl_remote_capabilities);
+	Cvar_Register(&cl_allow_downloads);
 
 	Cmd_AddCommand ("macrolist", Cmd_MacroList_f);
 	qsort(msgtrigger_commands,