On Fri, Jun 28, 2002 at 10:06:01AM -0700, Mathew Earle Reuther wrote:
> So color codes are exempt . . .

Because they have known values that won't possibly include a % char.

> what about act.com.c line 48?
>
> send_to_char(ch, "Yes, but WHAT do you want to say?\r\n");
>
> This is in do_say() . . .

Again, that is a string const which contains no % char so it's safe.
Any string that could possibly contain a % will cause problems.
Especially when derived from user input, when it's a potentially
severe security risk. If you're *absolutely sure* there can't be a
raw (non-escaped) % in there, the "%s" is unnecessary AFAIK.
--
{ IRL(Jeremy_Stanley); SMTP(fungi@yuggoth.org); ICQ(114362511);
WWW(http://fungi.yuggoth.org/); IRC(fungi@irc.yuggoth.org#ccl);
PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657); }

--
   +---------------------------------------------------------------+
   | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
   | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
   | Newbie List: http://groups.yahoo.com/group/circle-newbies/    |
   +---------------------------------------------------------------+
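The distinction drawn in the message above, as an added example that is not part of the original post or of CircleMUD's code: `send_to_buf` is a hypothetical stand-in for `send_to_char`, and the input string is constructed. It compares text used as the format, text passed through `"%s"`, and text escaped before use as the format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for send_to_char(): same printf-style contract, but
 * it formats into a caller's buffer so the result can be inspected. */
static void send_to_buf(char *out, size_t outsz, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
}

/* Double each '%' so text survives use as a format. 0 = ok, -1 = dst too small. */
static int escape_percent(char *dst, size_t dstsz, const char *src) {
    size_t j = 0;
    if (dstsz == 0) return -1;
    for (; *src; src++) {
        size_t need = (*src == '%') ? 2 : 1;
        if (j + need >= dstsz) return -1;
        if (*src == '%') dst[j++] = '%';
        dst[j++] = *src;
    }
    dst[j] = '\0';
    return 0;
}

/* mode 0: text used AS the format (the risky call shape);
 * mode 1: text passed as the argument of "%s";
 * mode 2: text escaped first, then used as the format.
 * Returns 1 if the player would see the text unchanged, else 0. */
static int delivered_intact(int mode, const char *text) {
    char esc[256], buf[128] = "";
    if (mode == 0) send_to_buf(buf, sizeof buf, text);
    else if (mode == 1) send_to_buf(buf, sizeof buf, "%s", text);
    else if (escape_percent(esc, sizeof esc, text) == 0) send_to_buf(buf, sizeof buf, esc);
    return strcmp(buf, text) == 0;
}

int main(void) {
    /* Constructed input. "%%" takes no argument, so mode 0 stays defined here;
     * a conversion such as "%s" or "%n" would use arguments never passed. */
    const char *said = "sale: 50%% off";
    for (int mode = 0; mode < 3; mode++)
        printf("mode %d intact: %d\n", mode, delivered_intact(mode, said));
    return 0;
}
```

A string constant with no `%`, like the one quoted from `do_say()`, passes through mode 0 unchanged, which is why that call is safe as written.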
This archive was generated by hypermail 2b30 : 06/25/03 PDT