Mirrors/overte-thingvellir
3
0
Fork 0
mirror of https://thingvellir.net/git/overte synced 2025-03-27 23:52:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

check URL host for script whitelist, not startsWith

Browse source
This commit is contained in:
Stephen Birarda 2017-01-23 13:36:02 -08:00
parent 45a4ec349e
commit db398b7850
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
libraries/entities/src/EntityTree.cpp
View file

@ -958,9 +958,12 @@ int EntityTree::processEditPacketData(ReceivedMessage& message, const unsigned c
if (validEditPacket && !_entityScriptSourceWhitelist.isEmpty() && !properties.getScript().isEmpty()) {
bool passedWhiteList = false;
auto entityScript = properties.getScript();
// grab a URL representation of the entity script so we can check the host for this script
auto entityScriptURL = QUrl::fromUserInput(properties.getScript());
for (const auto& whiteListedPrefix : _entityScriptSourceWhitelist) {
if (entityScript.startsWith(whiteListedPrefix, Qt::CaseInsensitive)) {
if (entityScriptURL.host().compare(whiteListedPrefix, Qt::CaseInsensitive) == 0) {
passedWhiteList = true;
break;
}