From 4166d9ab7b4ce374e2705f2f8ed22101d3d5f48c Mon Sep 17 00:00:00 2001
From: flow <flowlnlnln@gmail.com>
Date: Tue, 31 Jan 2023 15:01:25 -0300
Subject: [PATCH] fix: give error when components have bad uids

This allows other code to reject proceeding when the UID is bad, which
is generally a good idea. :p

Co-authored-by: Sefa Eyeoglu <contact@scrumplex.net>
Signed-off-by: flow <flowlnlnln@gmail.com>
---
 launcher/minecraft/OneSixVersionFormat.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/launcher/minecraft/OneSixVersionFormat.cpp b/launcher/minecraft/OneSixVersionFormat.cpp
index 280f6b26..c2e33f4b 100644
--- a/launcher/minecraft/OneSixVersionFormat.cpp
+++ b/launcher/minecraft/OneSixVersionFormat.cpp
@@ -39,6 +39,8 @@
 #include "minecraft/ParseUtils.h"
 #include <minecraft/MojangVersionFormat.h>
 
+#include <QRegularExpression>
+
 using namespace Json;
 
 static void readString(const QJsonObject &root, const QString &key, QString &variable)
@@ -121,6 +123,15 @@ VersionFilePtr OneSixVersionFormat::versionFileFromJson(const QJsonDocument &doc
         out->uid = root.value("fileId").toString();
     }
 
+    const QRegularExpression valid_uid_regex{ QRegularExpression::anchoredPattern(QStringLiteral(R"(\w+(?:\.\w+)*)")) };
+    if (!valid_uid_regex.match(out->uid).hasMatch()) {
+        qCritical() << "The component's 'uid' contains illegal characters! UID:" << out->uid;
+        out->addProblem(
+            ProblemSeverity::Error,
+            QObject::tr("The component's 'uid' contains illegal characters! This can cause security issues.")
+        );
+    }
+
     out->version = root.value("version").toString();
 
     MojangVersionFormat::readVersionProperties(root, out.get());