From 8f2c9046514ccb8065bc1cb5d261d5e71982d22d Mon Sep 17 00:00:00 2001 From: James R Date: Fri, 2 Feb 2024 04:22:07 -0800 Subject: [PATCH] Sanitize server name and contact fields of non-ASCII characters except color codes - Strip button codes and other control characters - Preserve 0x80 - 0x8F color codes --- src/CMakeLists.txt | 1 + src/d_clisrv.c | 9 +++--- src/sanitize.cpp | 72 ++++++++++++++++++++++++++++++++++++++++++++++ src/sanitize.h | 42 +++++++++++++++++++++++++++ 4 files changed, 119 insertions(+), 5 deletions(-) create mode 100644 src/sanitize.cpp create mode 100644 src/sanitize.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 92849c919..ea33f156b 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -161,6 +161,7 @@ add_executable(SRB2SDL2 MACOSX_BUNDLE WIN32 k_credits.cpp music.cpp music_manager.cpp + sanitize.cpp ) if(SRB2_CONFIG_ENABLE_WEBM_MOVIES) diff --git a/src/d_clisrv.c b/src/d_clisrv.c index be990a35c..9345dcdb0 100644 --- a/src/d_clisrv.c +++ b/src/d_clisrv.c @@ -65,6 +65,7 @@ #include "k_zvote.h" #include "music.h" #include "k_bans.h" +#include "sanitize.h" // cl loading screen #include "v_video.h" @@ -4346,7 +4347,6 @@ void HandleSigfail(const char *string) */ static void HandleServerInfo(SINT8 node) { - char servername[MAXSERVERNAME]; // compute ping in ms const tic_t ticnow = I_GetTime(); const tic_t ticthen = (tic_t)LONG(netbuffer->u.serverinfo.time); @@ -4357,8 +4357,7 @@ static void HandleServerInfo(SINT8 node) [sizeof netbuffer->u.serverinfo.application - 1] = '\0'; netbuffer->u.serverinfo.gametypename [sizeof netbuffer->u.serverinfo.gametypename - 1] = '\0'; - memcpy(servername, netbuffer->u.serverinfo.servername, MAXSERVERNAME); - CopyCaretColors(netbuffer->u.serverinfo.servername, servername, MAXSERVERNAME); + D_SanitizeKeepColors(netbuffer->u.serverinfo.servername, netbuffer->u.serverinfo.servername, MAXSERVERNAME); // If we have cause to reject it, it's not worth observing. if ( 
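Review bot: The new `D_SanitizeKeepColors(netbuffer->u.serverinfo.servername, ...)` call in HandleServerInfo reads the packet field as a C string, because the wrapper in sanitize.cpp builds a `std::string_view` from `in` without a length, whereas the removed `memcpy`/`CopyCaretColors` pair was bounded by MAXSERVERNAME. Unlike `application` and `gametypename` just above it, `servername` is not NUL-terminated in the visible lines, so a packet that fills the field without a terminator would make the scan continue into whatever follows it. Unless termination already happens outside the hunk (the function body continues past it), add `netbuffer->u.serverinfo.servername[sizeof netbuffer->u.serverinfo.servername - 1] = '\0';` before the call. The `server_name` and `server_contact` calls in the HandlePacketFromAwayNode hunk rely on the same assumption, which the replaced `strlcpy` calls already made. Passing the same buffer as `out` and `in` is safe here, since the filtered copy is fully built before `strlcpy` writes.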
@@ -4578,8 +4577,8 @@ static void HandlePacketFromAwayNode(SINT8 node) memcpy(server_context, netbuffer->u.servercfg.server_context, 8); - strlcpy(connectedservername, netbuffer->u.servercfg.server_name, MAXSERVERNAME); - strlcpy(connectedservercontact, netbuffer->u.servercfg.server_contact, MAXSERVERCONTACT); + D_SanitizeKeepColors(connectedservername, netbuffer->u.servercfg.server_name, MAXSERVERNAME); + D_SanitizeKeepColors(connectedservercontact, netbuffer->u.servercfg.server_contact, MAXSERVERCONTACT); } #ifdef HAVE_DISCORDRPC diff --git a/src/sanitize.cpp b/src/sanitize.cpp new file mode 100644 index 000000000..0fbe146f9 --- /dev/null +++ b/src/sanitize.cpp 
@@ -0,0 +1,72 @@
+// DR. ROBOTNIK'S RING RACERS
+//-----------------------------------------------------------------------------
+// Copyright (C) 2024 by James Robert Roman
+//
+// This program is free software distributed under the
+// terms of the GNU General Public License, version 2.
+// See the 'LICENSE' file for more details.
+//-----------------------------------------------------------------------------
+
+#include
+#include
+#include
+#include
+#include
+
+#include "doomtype.h"
+#include "sanitize.h"
+
+using namespace srb2::sanitize;
+
+namespace
+{
+
+bool print_filter(char c)
+{
+ return !std::isprint(c);
+}
+
+bool color_filter(char c)
+{
+ return print_filter(c) && (c & 0xF0) != 0x80; // color codes
+}
+
+template
+std::string& filter_out(std::string& out, const std::string_view& range, F filter)
+{
+ std::remove_copy_if(
+ range.begin(),
+ range.end(),
+ std::back_inserter(out),
+ filter
+ );
+ return out;
+};
+
+}; // namespace
+
+namespace srb2::sanitize
+{
+
+std::string sanitize(std::string_view in, SanitizeMode mode)
+{
+ std::string out;
+ return filter_out(out, in, [mode]
+ {
+ switch (mode)
+ {
+ default:
+ case SanitizeMode::kPrintable:
+ return print_filter;
+ case SanitizeMode::kKeepColors:
+ return color_filter;
+ }
+ }());
+}
+
+}; // namespace srb2
+
+void D_SanitizeKeepColors(char *out, const char *in, size_t out_size)
+{
+ strlcpy(out, sanitize(in, SanitizeMode::kKeepColors).c_str(), out_size);
+}
diff --git a/src/sanitize.h b/src/sanitize.h
new file mode 100644
index 000000000..24e757a15
--- /dev/null
+++ b/src/sanitize.h
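Review bot: `print_filter` passes a plain `char` to `std::isprint`, which is undefined for negative values, and every byte at or above 0x80 (the range this sanitizer exists to handle) is negative wherever `char` is signed. Convert first: `return !std::isprint(static_cast<unsigned char>(c));`. `std::isprint` also follows the current C locale, so if the program ever calls `setlocale`, some high bytes could count as printable and pass the filter. An explicit test on the unsigned value, such as `uc >= 0x20 && uc <= 0x7E`, would keep the result locale-independent.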
@@ -0,0 +1,42 @@
+// DR. ROBOTNIK'S RING RACERS
+//-----------------------------------------------------------------------------
+// Copyright (C) 2024 by James Robert Roman
+//
+// This program is free software distributed under the
+// terms of the GNU General Public License, version 2.
+// See the 'LICENSE' file for more details.
+//-----------------------------------------------------------------------------
+
+#ifndef sanitize_h
+#define sanitize_h
+
+#include "doomtype.h"
+
+#ifdef __cplusplus
+#include
+#include
+
+namespace srb2::sanitize
+{
+
+enum class SanitizeMode
+{
+ kPrintable,
+ kKeepColors,
+};
+
+// sanitizes string of all 0x80 codes
+std::string sanitize(std::string_view in, SanitizeMode mode);
+
+}; // namespace srb2
+
+extern "C" {
+#endif
+
+void D_SanitizeKeepColors(char *out, const char *in, size_t out_size); // SanitizeMode::kKeepColors
+
+#ifdef __cplusplus
+} // extern "C"
+#endif
+
+#endif // sanitize_h
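Review bot: The comment on `sanitize` ("sanitizes string of all 0x80 codes") does not match the implementation in sanitize.cpp, where `kPrintable` drops every byte `std::isprint` rejects and `kKeepColors` keeps the 0x80-0x8F color codes. Suggested wording: `// removes non-printable bytes; kKeepColors additionally preserves 0x80-0x8F color codes`. The C entry point is called on network packet fields, so its contract should be stated at the declaration, for example `// in must be NUL-terminated; out may alias in; result is truncated to out_size - 1 bytes`. A short comment on each `SanitizeMode` enumerator would also spare C++ callers from reading the filters to learn which bytes survive.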