From: Killerqu00 <47712032+Killerqu00@users.noreply.github.com>
Date: Tue, 27 May 2025 06:27:31 +0000 (+0100)
Subject: Sanitize admin UI input for role bans (#35422)
X-Git-Url: https://git.smokeofanarchy.ru/gitweb.cgi?a=commitdiff_plain;h=26a0bfbbc5b641d431705fa536a612958aa8c9bf;p=space-station-14.git
Sanitize admin UI input for role bans (#35422)
if job does not exist, log it
---
diff --git a/Content.Server/Administration/BanPanelEui.cs b/Content.Server/Administration/BanPanelEui.cs
index 3eedad3ed5..0a09ad557f 100644
--- a/Content.Server/Administration/BanPanelEui.cs
+++ b/Content.Server/Administration/BanPanelEui.cs
@@ -7,7 +7,9 @@ using Content.Server.EUI;
 using Content.Shared.Administration;
 using Content.Shared.Database;
 using Content.Shared.Eui;
+using Content.Shared.Roles;
 using Robust.Shared.Network;
+using Robust.Shared.Prototypes;
 namespace Content.Server.Administration;
@@ -19,6 +21,7 @@ public sealed class BanPanelEui : BaseEui
 [Dependency] private readonly IPlayerLocator _playerLocator = default!;
 [Dependency] private readonly IChatManager _chat = default!;
 [Dependency] private readonly IAdminManager _admins = default!;
+ [Dependency] private readonly IPrototypeManager _prototypeManager = default!;
 private readonly ISawmill _sawmill;
@@ -121,7 +124,14 @@ public sealed class BanPanelEui : BaseEui
 var now = DateTimeOffset.UtcNow;
 foreach (var role in roles)
 {
- _banManager.CreateRoleBan(targetUid, target, Player.UserId, addressRange, targetHWid, role, minutes, severity, reason, now);
+ if (_prototypeManager.HasIndex(role))
+ {
+ _banManager.CreateRoleBan(targetUid, target, Player.UserId, addressRange, targetHWid, role, minutes, severity, reason, now);
+ }
+ else
+ {
+ _sawmill.Warning($"{Player.Name} ({Player.UserId}) tried to issue a job ban with an invalid job: {role}");
+ }
 }
 Close();
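Review bot: The warning in the `else` branch of the role loop interpolates the client-supplied `role` value into the log line verbatim, so unless the sawmill escapes it, whatever the admin client sent (including very long or multi-line text) lands in the server log; logging a length-bounded, escaped form of the value, or only the number of rejected entries, would keep the log trustworthy. The existence check also runs per iteration, so a request that mixes valid and invalid roles is partially applied and `Close()` then runs with no feedback to the issuing admin; checking the whole list before the loop and rejecting the request if any entry fails would make the operation all-or-nothing. A short comment above the check, for example `// roles come from the client UI; only create bans for roles that exist as prototypes`, would record why it is there. The enclosing method begins and ends outside the hunk, so the type of `roles` and any validation done earlier are not visible here.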