Add sound path checking (#1850)

thegrb93 · Sep 15, 2024 · b63a112 · b63a112
1 parent 73fea61
commit b63a112
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 6 deletions.
diff --git a/lua/starfall/libs_sh/entities.lua b/lua/starfall/libs_sh/entities.lua
@@ -319,8 +319,7 @@ end
 -- @param number channel Default CHAN_AUTO or CHAN_WEAPON for weapons
 function ents_methods:emitSound(snd, lvl, pitch, volume, channel)
 	checkluatype(snd, TYPE_STRING)
-	if #snd>260 then SF.Throw("Sound path too long!") end
-	if string.match(snd, "[\"?]") then SF.Throw("Sound path contains invalid characters!") end
+	snd = SF.CheckSound(snd)
 
 	local ent = getent(self)
 	checkpermission(instance, ent, "entities.emitSound")

diff --git a/lua/starfall/libs_sh/sound.lua b/lua/starfall/libs_sh/sound.lua
@@ -75,9 +75,7 @@ end)
 function sound_library.create(ent, path, nofilter)
 	checkluatype(path, TYPE_STRING)
 	if nofilter~=nil then checkluatype(nofilter, TYPE_BOOL) end
-
-	if #path>260 then SF.Throw("Sound path too long!") end
-	if string.match(path, "[\"?]") then SF.Throw("Sound path contains invalid characters!") end
+	path = SF.CheckSound(path)
 
 	checkpermission(instance, { ent, path }, "sound.create")
 

diff --git a/lua/starfall/sflib.lua b/lua/starfall/sflib.lua
@@ -1442,7 +1442,6 @@ function SF.CheckMaterial(material)
 	return mat
 end
 
-
 function SF.CheckModel(model, player, prop)
 	if #model > 260 then SF.Throw("Model path too long!", 3) end
 	model = SF.NormalizePath(string.lower(model))
@@ -1451,6 +1450,27 @@ function SF.CheckModel(model, player, prop)
 	return model
 end
 
+function SF.CheckSound(path)
+	-- Limit length and remove invalid chars
+	if #path>260 then SF.Throw("Sound path too long!", 3) end
+	path = SF.NormalizePath(string.gsub(path, "[\"?']", ""))
+
+	-- Extract sound flags. Only allowed flags are '<', '>', '^', ')'
+	local flags
+	flags, path = string.match(path, "^([^%w_/%.]*)(.*)")
+	if #flags==0 then
+		flags = nil
+	elseif #flags>2 or string.match(flags, "[^<>%^%)]") then
+		SF.Throw("Invalid sound flags! "..flags, 3)
+	end
+
+	if not (istable(sound.GetProperties(path)) or file.Exists("sound/" .. path, "GAME")) then
+		SF.Throw("Invalid sound path! "..path, 3)
+	end
+
+	return flags and (flags..path) or path
+end
+
 function SF.CheckRagdoll(model)
 	if #model > 260 then return false end
 	model = SF.NormalizePath(string.lower(model))