/*================================================================================= With many sites now having a live who list on their website using either their own custom code, or a "webwho" snippet, I realized there are some things that can be utilized that can mess up a website, or even compromising a player's privacy. Most MUD's allowed anything to be used in their titles or afk messages. If they post an e-mail address on their title, and it posts on the website, this can allow spam bots to get player's e-mail addresses. At the same time, if they post something in brackets (say a code bit), they could easilly implant viruses, or other material into the site. I went ahead and also added a simple set of url checks to not allow common URL bits (and workarounds) to be used. I use the URLs bit for my AFK messages as well (to keep out advertising and spammers.) I don't require a lot of credit. Just leave the comment in there, please. This is also for your information to tell what the bit of code does. While this piece of code is for the "titles", you can also modify it easilly and use it for other commands (afk messages, and other things that can be posted onto the website.) So... here we go... --Koqlb of Subversive Visions. subversive.themudhost.net port 7500 NOTE: I use it on a QuickMUD, but it works for almost all ROMs. If you use C++ insead of C, you may have to change the code some. Feel free to modify this code. =================================================================================*/ //In act_info.c, or whatever your "do_title" function is in, //find this code: send_to_char ("Change your title to what?\n\r", ch); //You will see something like: if (argument[0] == '\0') { send_to_char ("Change your title to what?\n\r", ch); return; } //Below this check, and above: smash_tilde (argument); set_title (ch, argument); send_to_char ("Ok.\n\r", ch); //Add the following code: /* For security's sake, html, javascript, and all other scripts and code * is not allowed. URLs and e-mail addresses also aren't allowed. * It could compromise player privacy. * If they do, return a message. * -Koqlb of Subversive Visions. 12/20/14 */ /*html, javascript, etc. */ else if (strstr(argument, "<") != NULL) { send_to_char("{GScripts and HTML code cannot be used in titles.{x\n\r", ch); return; } else if (strstr(argument, ">") != NULL) { send_to_char("{GScripts and HTML code cannot be used in titles{x\n\r", ch); return; } /* CSS, C, C++, java, etc. Left bracket not included due to Lopes colour codes. */ else if (strstr(argument, "}") != NULL) { send_to_char("{GProgramming code cannot be used in titles.{x\n\r",ch); return; } /* bb code, table codes, etc. */ else if (strstr(argument, "[") != NULL) { send_to_char("{GCode{x cannot be used in titles.{x\n\r",ch); return; } else if (strstr(argument, "]") != NULL) { send_to_char("{GCode{x cannot be used in titles.{x\n\r",ch); return; } /* Begin URL Check */ else if (strstr(argument, "@") != NULL) { send_to_char("{GE-mail addresses{x cannot be used in titles.{x\n\r",ch); return; } else if (strstr(argument, "http") != NULL) { send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch); return; } else if (strstr(argument, "www") != NULL) { send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch); return; } else if (strstr(argument, ". com") != NULL) { send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch); return; } else if (strstr(argument, "dot com") != NULL) { send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch); return; } else if (strstr(argument, "dot com") != NULL) { send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch); return; } else if (strstr(argument, "w w w") != NULL) { send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch); return; } else if (strstr(argument, ".com") != NULL) { send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch); return; } else if (strstr(argument, ".gov") != NULL) { send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch); return; } else if (strstr(argument, ".to") != NULL) { send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch); return; } else if (strstr(argument, ".net") != NULL) { send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch); return; } else if (strstr(argument, ".net") != NULL) { send_to_char("{GURLs{x cannot be used in titles.{x\n\r",ch); return; } /* End URL and Code check.*/