From fa00a55e515dfe5fd06b47c570cf621a8c2d1f86 Mon Sep 17 00:00:00 2001
From: raven <citrons@mondecitronne.com>
Date: Sat, 21 Mar 2026 17:25:20 -0500
Subject: sanitize player names

---
 server/server.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'server')

diff --git a/server/server.go b/server/server.go
index a0d8f3f..ac5edea 100644
--- a/server/server.go
+++ b/server/server.go
@@ -381,6 +381,10 @@ func (cl *client) performHandshake(conn net.Conn, srvInfo ServerInfo) {
 		cl.disconnect("Expected handshake")
 		return
 	}
+	if !playerNameRegex.Match([]byte(cl.username)) {
+		cl.disconnect("Invalid player name")
+		return
+	}
 	err = classic.WritePacket(conn, &classic.ServerId {
 		Version: 7,
 		ServerName: classic.PadString(srvInfo.Name),
-- 
cgit v1.2.3