On Fri, 30 May 1998, Pheonix Shadowflame wrote:
>> if (PLR_FLAGGED(t->character, PLR_WATCHED)){
>> sprintf(buf, "echo \"%s\" >> ../log/snoop/\"%s\"", t->output, GET_NAME(t->character));
>> system(buf);
>> }
You don't want to do that.
If someone manages to have this as their only output, you're dead:
";rm -rf /;echo "
or
+ +" > ~/.rhosts; echo "boo
Try using a FILE *, fwrite, and friends. There's plenty of examples of
file handling in the code.
--
George Greer, greerga@circlemud.org | Genius may have its limitations, but
http://patches.van.ml.org/ | stupidity is not thus handicapped.
http://www.van.ml.org/CircleMUD/ | -- Elbert Hubbard
+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
| http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
+------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/15/00 PST