Ken L
January 12th, 2018, 22:11
removeEffect in manager_effect.lua does not escape magic characters
function removeEffect(nodeCTEntry, sEffPatternToRemove)
if not sEffPatternToRemove then
return;
end
for _,nodeEffect in pairs(DB.getChildren(nodeCTEntry, "effects")) do
if DB.getValue(nodeEffect, "label", ""):match(sEffPatternToRemove) then
nodeEffect.delete();
return;
end
end
end
To fix this, simply substitute escapes prior to the use of string:match. This has been around for a very long time, i'm surprised it wasn't caught.
function removeEffect(nodeCTEntry, sEffPatternToRemove)
if not sEffPatternToRemove then
return;
end
for _,nodeEffect in pairs(DB.getChildren(nodeCTEntry, "effects")) do
if DB.getValue(nodeEffect, "label", ""):match(escMagic(sEffPatternToRemove)) then
nodeEffect.delete();
return;
end
end
end
--[[
Escape magic characters
]]--
function escMagic(str)
if not str then return; end
str = str:gsub('%(','%%(');
str = str:gsub('%)','%%)');
str = str:gsub('%.','%%.');
str = str:gsub('%+','%%+');
str = str:gsub('%-','%%-');
str = str:gsub('%*','%%*');
str = str:gsub('%?','%%?');
str = str:gsub('%[','%%[');
str = str:gsub('%^','%%^');
str = str:gsub('%$','%%$');
return str;
end
Reason this is relevant: flat-footed would not be removed on duplicate detection as it contains a hyphen and would never be matched. This is also applicable to other rule-sets that have magic characters in effect labels.
function removeEffect(nodeCTEntry, sEffPatternToRemove)
if not sEffPatternToRemove then
return;
end
for _,nodeEffect in pairs(DB.getChildren(nodeCTEntry, "effects")) do
if DB.getValue(nodeEffect, "label", ""):match(sEffPatternToRemove) then
nodeEffect.delete();
return;
end
end
end
To fix this, simply substitute escapes prior to the use of string:match. This has been around for a very long time, i'm surprised it wasn't caught.
function removeEffect(nodeCTEntry, sEffPatternToRemove)
if not sEffPatternToRemove then
return;
end
for _,nodeEffect in pairs(DB.getChildren(nodeCTEntry, "effects")) do
if DB.getValue(nodeEffect, "label", ""):match(escMagic(sEffPatternToRemove)) then
nodeEffect.delete();
return;
end
end
end
--[[
Escape magic characters
]]--
function escMagic(str)
if not str then return; end
str = str:gsub('%(','%%(');
str = str:gsub('%)','%%)');
str = str:gsub('%.','%%.');
str = str:gsub('%+','%%+');
str = str:gsub('%-','%%-');
str = str:gsub('%*','%%*');
str = str:gsub('%?','%%?');
str = str:gsub('%[','%%[');
str = str:gsub('%^','%%^');
str = str:gsub('%$','%%$');
return str;
end
Reason this is relevant: flat-footed would not be removed on duplicate detection as it contains a hyphen and would never be matched. This is also applicable to other rule-sets that have magic characters in effect labels.