/*=================================================================================
With many sites now having a live who list on their website using
either their own custom code, or a "webwho" snippet, I realized
there are some things that can be utilized that can mess up a website,
or even compromising a player's privacy. Most MUD's allowed anything
to be used in their titles or afk messages.
If they post an e-mail address on their title, and it posts on the website,
this can allow spam bots to get player's e-mail addresses. At the same time,
if they post something in brackets (say a code bit), they could easilly
implant viruses, or other material into the site. I went ahead and also
added a simple set of url checks to not allow common URL bits (and workarounds)
to be used. I use the URLs bit for my AFK messages as well (to keep out advertising
and spammers.)
I don't require a lot of credit. Just leave the comment in there, please.
This is also for your information to tell what the bit of code does.
While this piece of code is for the "titles", you can also modify it easilly
and use it for other commands (afk messages, and other things that can be
posted onto the website.) So... here we go...
--Koqlb of Subversive Visions.
subversive.themudhost.net port 7500
NOTE: I use it on a QuickMUD, but it works for almost all ROMs. If you use C++ insead
of C, you may have to change the code some. Feel free to modify this code.
=================================================================================*/
//In act_info.c, or whatever your "do_title" function is in,
//find this code:
send_to_char ("Change your title to what?\n\r", ch);
//You will see something like:
if (argument[0] == '\0')
{
send_to_char ("Change your title to what?\n\r", ch);
return;
}
//Below this check, and above:
smash_tilde (argument);
set_title (ch, argument);
send_to_char ("Ok.\n\r", ch);
//Add the following code:
/* For security's sake, html, javascript, and all other scripts and code
* is not allowed. URLs and e-mail addresses also aren't allowed.
* It could compromise player privacy.
* If they do, return a message.
* -Koqlb of Subversive Visions. 12/20/14
*/
/*html, javascript, etc. */
else if (strstr(argument, "<") != NULL)
{
send_to_char("{GScripts and HTML code cannot be used in titles.{x\n\r", ch);
return;
}
else if (strstr(argument, ">") != NULL)
{
send_to_char("{GScripts and HTML code cannot be used in titles{x\n\r", ch);
return;
}
/* CSS, C, C++, java, etc. Left bracket not included due to Lopes colour codes. */
else if (strstr(argument, "}") != NULL)
{
send_to_char("{GProgramming code cannot be used in titles.{x\n\r",ch);
return;
}
/* bb code, table codes, etc. */
else if (strstr(argument, "[") != NULL)
{
send_to_char("{GCode{x cannot be used in titles.{x\n\r",ch);
return;
}
else if (strstr(argument, "]") != NULL)
{
send_to_char("{GCode{x cannot be used in titles.{x\n\r",ch);
return;
}
/* Begin URL Check */
else if (strstr(argument, "@") != NULL)
{
send_to_char("{GE-mail addresses{x cannot be used in titles.{x\n\r",ch);
return;
}
else if (strstr(argument, "http") != NULL)
{
send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch);
return;
}
else if (strstr(argument, "www") != NULL)
{
send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch);
return;
}
else if (strstr(argument, ". com") != NULL)
{
send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch);
return;
}
else if (strstr(argument, "dot com") != NULL)
{
send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch);
return;
}
else if (strstr(argument, "dot com") != NULL)
{
send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch);
return;
}
else if (strstr(argument, "w w w") != NULL)
{
send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch);
return;
}
else if (strstr(argument, ".com") != NULL)
{
send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch);
return;
}
else if (strstr(argument, ".gov") != NULL)
{
send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch);
return;
}
else if (strstr(argument, ".to") != NULL)
{
send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch);
return;
}
else if (strstr(argument, ".net") != NULL)
{
send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch);
return;
}
else if (strstr(argument, ".net") != NULL)
{
send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch);
return;
}
/* End URL and Code check.*/