Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cherry-picks two server security fixes. #629

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion code/datums/world_topic.dm
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
var/require_comms_key = FALSE

/datum/world_topic/proc/TryRun(list/input)
key_valid = config && (CONFIG_GET(string/comms_key) == input["key"])
key_valid = (CONFIG_GET(string/comms_key) == input["key"]) && CONFIG_GET(string/comms_key) && input["key"]
input -= "key"
if(require_comms_key && !key_valid)
. = "Bad Key"
Expand Down
84 changes: 56 additions & 28 deletions code/modules/plumbing/plumbers/pill_press.dm
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
///the minimum size of a pill or patch
#define MIN_VOLUME 5
///the maximum size a pill or patch can be
#define MAX_VOLUME 50
///max amount of pills allowed on our tile before we start storing them instead
#define MAX_FLOOR_PRODUCTS 10

Expand All @@ -12,16 +10,16 @@
icon_state = "pill_press"
active_power_usage = BASE_MACHINE_ACTIVE_CONSUMPTION * 2

/// current operating product (pills or patches)
var/product = "pill"
/// selected size of the product
var/current_volume = 10
/// maximum printable volume of the product
var/max_volume = 50
/// prefix for the product name
var/product_name = "factory"
/// All packaging types wrapped up in 1 big list
var/static/list/packaging_types = null
///The type of packaging to use
var/packaging_type
var/obj/item/reagent_containers/packaging_type
///Category of packaging
var/packaging_category
/// list of products stored in the machine, so we dont have 610 pills on one tile
Expand Down Expand Up @@ -53,34 +51,28 @@

packaging_types += list(category_item)

packaging_type = REF(GLOB.reagent_containers[CAT_PILLS][1])
decode_category()
packaging_type = GLOB.reagent_containers[CAT_PILLS][1]
max_volume = initial(packaging_type.volume)
current_volume = clamp(current_volume, MIN_VOLUME, max_volume)

AddComponent(/datum/component/plumbing/simple_demand, bolt, layer)

/obj/machinery/plumbing/pill_press/Destroy(force)
QDEL_LAZYLIST(stored_products)
return ..()

/obj/machinery/plumbing/pill_press/examine(mob/user)
. = ..()
. += span_notice("The [name] currently has [stored_products.len] stored. There needs to be less than [MAX_FLOOR_PRODUCTS] on the floor to continue dispensing.")

/// decode product category from it's type path and returns the decoded typepath
/obj/machinery/plumbing/pill_press/proc/decode_category()
var/obj/item/reagent_containers/container = locate(packaging_type)
if(ispath(container, /obj/item/reagent_containers/pill/patch))
packaging_category = CAT_PATCHES
else if(ispath(container, /obj/item/reagent_containers/pill))
packaging_category = CAT_PILLS
else
packaging_category = "Bottles"
return container

/obj/machinery/plumbing/pill_press/process(seconds_per_tick)
if(machine_stat & NOPOWER)
return

//shift & check to account for floating point inaccuracies
if(reagents.total_volume >= current_volume)
var/obj/item/reagent_containers/container = locate(packaging_type)
container = new container(src)
var/obj/item/reagent_containers/container = new packaging_type(src)

var/suffix
switch(packaging_category)
if(CAT_PILLS)
Expand Down Expand Up @@ -122,7 +114,6 @@
var/list/data = list()

data["min_volume"] = MIN_VOLUME
data["max_volume"] = MAX_VOLUME
data["packaging_types"] = packaging_types

return data
Expand All @@ -131,8 +122,9 @@
var/list/data = list()

data["current_volume"] = current_volume
data["max_volume"] = max_volume
data["product_name"] = product_name
data["packaging_type"] = packaging_type
data["packaging_type"] = REF(packaging_type)
data["packaging_category"] = packaging_category

return data
Expand All @@ -142,21 +134,57 @@
if(.)
return

. = TRUE
switch(action)
if("change_current_volume")
current_volume = round(clamp(text2num(params["volume"]), MIN_VOLUME, MAX_VOLUME))
var/value = params["volume"]
if(isnull(value))
return FALSE

value = text2num(value)
if(isnull(value))
return FALSE

current_volume = clamp(value, MIN_VOLUME, max_volume)
return TRUE

if("change_product_name")
var/formatted_name = html_encode(params["name"])
if (length(formatted_name) > MAX_NAME_LEN)
product_name = copytext(formatted_name, 1, MAX_NAME_LEN + 1)
else
product_name = formatted_name
return TRUE

if("change_product")
packaging_type = params["ref"]
var/obj/item/reagent_containers/container = decode_category()
current_volume = clamp(current_volume, MIN_VOLUME, initial(container.volume))
var/container = params["ref"]
if(!container)
return FALSE

//is a valid option
var/container_found = FALSE
for(var/list/category as anything in packaging_types)
if(container_found)
break
for(var/list/package_item as anything in category["products"])
if(container == package_item["ref"])
container_found = TRUE
break
if(!container_found)
return FALSE

//decode container & its category
packaging_type = locate(container)
if(ispath(packaging_type, /obj/item/reagent_containers/pill/patch))
packaging_category = CAT_PATCHES
else if(ispath(packaging_type, /obj/item/reagent_containers/pill))
packaging_category = CAT_PILLS
else
packaging_category = "Bottles"

//get new volumes
max_volume = initial(packaging_type.volume)
current_volume = clamp(current_volume, MIN_VOLUME, max_volume)
return TRUE

#undef MIN_VOLUME
#undef MAX_VOLUME
#undef MAX_FLOOR_PRODUCTS
Loading