HerculesWS · MishimaHaruna · Jan 31, 2025 · Jan 19, 2025 · Jan 19, 2025
diff --git a/src/common/HPMDataCheck.h b/src/common/HPMDataCheck.h
@@ -2,7 +2,7 @@
  * This file is part of Hercules.
  * http://herc.ws - http://github.com/HerculesWS/Hercules
  *
- * Copyright (C) 2014-2024 Hercules Dev Team
+ * Copyright (C) 2014-2025 Hercules Dev Team
  *
  * Hercules is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

diff --git a/src/common/HPMSymbols.inc.h b/src/common/HPMSymbols.inc.h
@@ -2,7 +2,7 @@
  * This file is part of Hercules.
  * http://herc.ws - http://github.com/HerculesWS/Hercules
  *
- * Copyright (C) 2013-2024 Hercules Dev Team
+ * Copyright (C) 2013-2025 Hercules Dev Team
  *
  * Hercules is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

diff --git a/src/map/clif.c b/src/map/clif.c
@@ -10755,6 +10755,19 @@ static void clif_msgtable_color(struct map_session_data *sd, enum clif_messages
 	clif->send(&p, sizeof(p), &sd->bl, SELF);
 }
 
+static bool clif_validate_message(struct map_session_data *sd, char *message)
+{
+	nullpo_retr(false, message);
+
+	if (strchr(message, '\n') != NULL ||
+	    strchr(message, '\r') != NULL ||
+	    strstr(message, "             ") != NULL) {
+	    return false;
+	}
+
+	return true;
+}
+
 /**
  * Validates and processes a global/guild/party message packet.
  *
@@ -10819,6 +10832,8 @@ static const char *clif_process_chat_message(struct map_session_data *sd, const
 	safestrncpy(out_buf, packet->message, textlen+1); // [!] packet->message is not necessarily NUL terminated
 	message = out_buf + namelen + 3;
 
+	if (clif->validate_message(sd, out_buf) == false)
+		return NULL;
 	if (!pc->process_chat_message(sd, message))
 		return NULL;
 	return message;
@@ -10875,6 +10890,9 @@ static bool clif_process_whisper_message(struct map_session_data *sd, const stru
 	safestrncpy(out_name, packet->name, NAME_LENGTH + 1); // [!] packet->name is not NUL terminated
 	safestrncpy(out_message, packet->message, messagelen+1); // [!] packet->message is not necessarily NUL terminated
 
+	if (clif->validate_message(sd, out_message) == false)
+		return false;
+
 	if (!pc->process_chat_message(sd, out_message))
 		return false;
 
@@ -26883,6 +26901,7 @@ void clif_defaults(void)
 	clif->messages = clif_displaymessage_sprintf;
 	clif->process_chat_message = clif_process_chat_message;
 	clif->process_whisper_message = clif_process_whisper_message;
+	clif->validate_message = clif_validate_message;
 	clif->wisexin = clif_wisexin;
 	clif->wisall = clif_wisall;
 	clif->PMIgnoreList = clif_PMIgnoreList;

diff --git a/src/map/clif.h b/src/map/clif.h
@@ -1272,6 +1272,7 @@ struct clif_interface {
 	void (*messages) (const int fd, const char *mes, ...) __attribute__((format(printf, 2, 3)));
 	const char *(*process_chat_message) (struct map_session_data *sd, const struct packet_chat_message *packet, char *out_buf, int out_buflen);
 	bool (*process_whisper_message) (struct map_session_data *sd, const struct packet_whisper_message *packet, char *out_name, char *out_message, int out_messagelen);
+	bool (*validate_message) (struct map_session_data *sd, char *message);
 	void (*wisexin) (struct map_session_data *sd,int type,int flag);
 	void (*wisall) (struct map_session_data *sd,int type,int flag);
 	void (*PMIgnoreList) (struct map_session_data* sd);

diff --git a/src/map/script.c b/src/map/script.c
@@ -27026,7 +27026,12 @@ static BUILDIN(channelmes)
 		return true;
 	}
 
-	channel->send(chan, NULL, script_getstr(st, 3));
+	char *message = script_getstr(st, 3);
+	if (clif->validate_message(sd, message) == false) {
+		script_pushint(st, 0);
+		return true;
+	}
+	channel->send(chan, NULL, message);
 
 	script_pushint(st, 1);
 	return true;

diff --git a/src/plugins/HPMHooking/HPMHooking.Defs.inc b/src/plugins/HPMHooking/HPMHooking.Defs.inc
diff --git a/src/plugins/HPMHooking/HPMHooking_api.HPMHooksCore.inc b/src/plugins/HPMHooking/HPMHooking_api.HPMHooksCore.inc
@@ -2,7 +2,7 @@
  * This file is part of Hercules.
  * http://herc.ws - http://github.com/HerculesWS/Hercules
  *
- * Copyright (C) 2013-2024 Hercules Dev Team
+ * Copyright (C) 2013-2025 Hercules Dev Team
  *
  * Hercules is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

diff --git a/src/plugins/HPMHooking/HPMHooking_api.HookingPoints.inc b/src/plugins/HPMHooking/HPMHooking_api.HookingPoints.inc
@@ -2,7 +2,7 @@
  * This file is part of Hercules.
  * http://herc.ws - http://github.com/HerculesWS/Hercules
  *
- * Copyright (C) 2013-2024 Hercules Dev Team
+ * Copyright (C) 2013-2025 Hercules Dev Team
  *
  * Hercules is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by