Mercurial > hg > early-roguelike

diff arogue5/main.c @ 66:c56f672244f4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
arogue5: close security holes. Prevent whoami (player name), file_name, and score_file from being changed if the systemwide save location is being used.
author elwin
date Sat, 11 Aug 2012 16:27:20 +0000
parents a98834ce7e04
children c49f7927b0fa
line wrap: on
line diff
--- a/arogue5/main.c	Fri Aug 10 21:17:14 2012 +0000
+++ b/arogue5/main.c	Sat Aug 11 16:27:20 2012 +0000
@@ -92,7 +92,7 @@
     if ((env = getenv("ROGUEOPTS")) != NULL)
 	parse_opts(env);
 
-    if (whoami[0] == '\0')
+    if (!use_savedir && whoami[0] == '\0')
         strucpy(whoami, md_getusername(), strlen(md_getusername()));
 
     if (env == NULL || fruit[0] == '\0') {
@@ -194,17 +194,20 @@
 	byebye(-1);
     }
 
-    if ((whoami == NULL) || (*whoami == '\0') || (strcmp(whoami,"dosuser")==0))
-    {
-        echo();
-        mvaddstr(23,2,"Rogue's Name? ");
-        wgetnstr(stdscr,whoami,LINELEN);
-        noecho();
+    if (!use_savedir) {
+        if ((whoami == NULL) || (*whoami == '\0') || 
+            (strcmp(whoami,"dosuser")==0))
+        {
+            echo();
+            mvaddstr(23,2,"Rogue's Name? ");
+            wgetnstr(stdscr,whoami,LINELEN);
+            noecho();
+        }
+
+        if ((whoami == NULL) || (*whoami == '\0'))
+            strcpy(whoami,"Rodney");
     }
 
-    if ((whoami == NULL) || (*whoami == '\0'))
-        strcpy(whoami,"Rodney");
-
     setup();
     /*
      * Set up windows