From 89d574e6d09e6ff4d4d3a0717f0e19c6b17bb960 Mon Sep 17 00:00:00 2001
From: Matthew Hoops
Date: Mon, 4 Feb 2013 14:06:29 -0500
Subject: PEGASUS: Limit the accepted characters in save file names

---
 engines/pegasus/pegasus.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'engines/pegasus/pegasus.cpp')

diff --git a/engines/pegasus/pegasus.cpp b/engines/pegasus/pegasus.cpp
index 89acac1440..be3fcd5cff 100644
--- a/engines/pegasus/pegasus.cpp
+++ b/engines/pegasus/pegasus.cpp
@@ -657,7 +657,23 @@ Common::Error PegasusEngine::loadGameState(int slot) {
 	return valid ? Common::kNoError : Common::kUnknownError;
 }
 
+static bool isValidSaveFileChar(char c) {
+	// Limit it to letters, digits, and a few other characters that should be safe
+	return Common::isAlnum(c) || c == ' ' || c == '_' || c == '+' || c == '-' || c == '.';
+}
+
+static bool isValidSaveFileName(const Common::String &desc) {
+	for (uint32 i = 0; i < desc.size(); i++)
+		if (!isValidSaveFileChar(desc[i]))
+			return false;
+
+	return true;
+}
+
 Common::Error PegasusEngine::saveGameState(int slot, const Common::String &desc) {
+	if (!isValidSaveFileName(desc))
+		return Common::Error(Common::kCreatingFileFailed, _("Invalid save file name"));
+
 	Common::String output = Common::String::format("pegasus-%s.sav", desc.c_str());
 	Common::OutSaveFile *saveFile = _saveFileMan->openForSaving(output, false);
 	if (!saveFile)
-- 
cgit v1.2.3