Fix supertuxkart#5121: Check if chat messages start with 'name: ' (supertuxkart#5254)

kimden · web-flow · commit 4376b04b979f · 2025-01-27T23:06:05.000+08:00
* Check if chat messages start with 'name: '

* Check one username only
diff --git a/src/network/protocols/server_lobby.cpp b/src/network/protocols/server_lobby.cpp
@@ -478,6 +478,23 @@ void ServerLobby::handleChat(Event* event)
     core::stringw message;
     event->data().decodeString16(&message, 360/*max_len*/);
 
+    // Check if the message starts with "(the name of main profile): " to prevent
+    // impersonation, see #5121.
+    std::string message_utf8 = StringUtils::wideToUtf8(message);
+    std::string prefix = StringUtils::wideToUtf8(
+        event->getPeer()->getPlayerProfiles()[0]->getName()) + ": ";
+    
+    if (!StringUtils::startsWith(message_utf8, prefix))
+    {
+        NetworkString* chat = getNetworkString();
+        chat->setSynchronous(true);
+        core::stringw warn = "Don't try to impersonate others!";
+        chat->addUInt8(LE_CHAT).encodeString16(warn);
+        event->getPeer()->sendPacket(chat, true/*reliable*/);
+        delete chat;
+        return;
+    }
+
     KartTeam target_team = KART_TEAM_NONE;
     if (event->data().size() > 0)
         target_team = (KartTeam)event->data().getUInt8();
