From 31c04579131336219f05625dcf4a7072ad54a6b0 Mon Sep 17 00:00:00 2001
From: protheory8 <editaw5@gmail.com>
Date: Mon, 4 May 2020 09:50:58 +0000
Subject: [PATCH] Fix #542 - Impose limits on admin commands

---
 server/src/cmd.rs | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/server/src/cmd.rs b/server/src/cmd.rs
index f8df738d0a..005e30c1e9 100644
--- a/server/src/cmd.rs
+++ b/server/src/cmd.rs
@@ -849,6 +849,14 @@ fn handle_light(
     let mut light_emitter = comp::LightEmitter::default();
 
     if let (Some(r), Some(g), Some(b)) = (opt_r, opt_g, opt_b) {
+        if r < 0.0 || g < 0.0 || b < 0.0 {
+            server.notify_client(
+                client,
+                ServerMsg::private(String::from("cr, cg and cb values mustn't be negative.")),
+            );
+            return;
+        }
+
         let r = r.max(0.0).min(1.0);
         let g = g.max(0.0).min(1.0);
         let b = b.max(0.0).min(1.0);
@@ -950,6 +958,21 @@ fn handle_explosion(
     action: &ChatCommand,
 ) {
     let power = scan_fmt!(&args, action.arg_fmt, f32).unwrap_or(8.0);
+
+    if power > 512.0 {
+        server.notify_client(
+            client,
+            ServerMsg::private(String::from("Explosion power mustn't be more than 512.")),
+        );
+        return;
+    } else if power <= 0.0 {
+        server.notify_client(
+            client,
+            ServerMsg::private(String::from("Explosion power must be more than 0.")),
+        );
+        return;
+    }
+
     let ecs = server.state.ecs();
 
     match server.state.read_component_cloned::<comp::Pos>(target) {