Fix MapsWidget bank command injection

trufae · trufae · commit 08b3be3c7e9c · 2026-03-07T12:26:02.000+01:00
diff --git a/src/widgets/MapsWidget.cpp b/src/widgets/MapsWidget.cpp
@@ -222,7 +222,7 @@ void MapsWidget::loadBanks()
         auto id = o["id"].toInt();
         auto name = o["name"].toString();
         auto row = QStringLiteral("%1 %2").arg(id).arg(name);
-        bankCombo->addItem(row);
+        bankCombo->addItem(row, id);
     }
     bankCombo->blockSignals(false);
     if (bankCombo->count() > 0) {
@@ -233,8 +233,12 @@ void MapsWidget::loadBanks()
 
 void MapsWidget::onBankChanged(int idx)
 {
-    QString bank = bankCombo->itemText(idx);
-    Core()->cmd(QString("omb %1").arg(bank));
+    bool ok = false;
+    int bankId = bankCombo->itemData(idx).toInt(&ok);
+    if (!ok) {
+        return;
+    }
+    Core()->cmd(QString("omb %1").arg(bankId));
     refreshMaps();
 }
 
@@ -246,7 +250,8 @@ void MapsWidget::onAddBank()
     if (!ok || name.isEmpty()) {
         return;
     }
-    Core()->cmd(QString("omb+ %1").arg(name));
+    name = Core()->sanitizeStringForCommand(name).replace('\n', '_').replace('\r', '_');
+    Core()->cmdRaw(QString("omb+ %1").arg(name));
     loadBanks();
 }
 

Original file line number	Diff line number	Diff line change
`@@ -222,7 +222,7 @@ void MapsWidget::loadBanks()`
`222`	`222`	`auto id = o["id"].toInt();`
`223`	`223`	`auto name = o["name"].toString();`
`224`	`224`	`auto row = QStringLiteral("%1 %2").arg(id).arg(name);`
`225`		`- bankCombo->addItem(row);`
	`225`	`+ bankCombo->addItem(row, id);`
`226`	`226`	`}`
`227`	`227`	`bankCombo->blockSignals(false);`
`228`	`228`	`if (bankCombo->count() > 0) {`
`@@ -233,8 +233,12 @@ void MapsWidget::loadBanks()`
`233`	`233`
`234`	`234`	`void MapsWidget::onBankChanged(int idx)`
`235`	`235`	`{`
`236`		`- QString bank = bankCombo->itemText(idx);`
`237`		`- Core()->cmd(QString("omb %1").arg(bank));`
	`236`	`+ bool ok = false;`
	`237`	`+ int bankId = bankCombo->itemData(idx).toInt(&ok);`
	`238`	`+ if (!ok) {`
	`239`	`+ return;`
	`240`	`+ }`
	`241`	`+ Core()->cmd(QString("omb %1").arg(bankId));`
`238`	`242`	`refreshMaps();`
`239`	`243`	`}`
`240`	`244`
`@@ -246,7 +250,8 @@ void MapsWidget::onAddBank()`
`246`	`250`	`if (!ok \|\| name.isEmpty()) {`
`247`	`251`	`return;`
`248`	`252`	`}`
`249`		`- Core()->cmd(QString("omb+ %1").arg(name));`
	`253`	`+ name = Core()->sanitizeStringForCommand(name).replace('\n', '_').replace('\r', '_');`
	`254`	`+ Core()->cmdRaw(QString("omb+ %1").arg(name));`
`250`	`255`	`loadBanks();`
`251`	`256`	`}`
`252`	`257`