From ce676d0efba2fc7994541ac635ea544f0372bae2 Mon Sep 17 00:00:00 2001
From: Xuarig
Date: Thu, 20 Mar 2025 13:39:41 -0400
Subject: [PATCH] [Security] Added username sanitization on server (#299)

Fixing issues #282 where players can bypass max username length by editing their storage. I added a sanitization on the server side to avoid all kind of cheat on the username as we can't trust clients
---
 src/core/game/PlayerImpl.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/core/game/PlayerImpl.ts b/src/core/game/PlayerImpl.ts
index de96e2cb6..c1dd2aba4 100644
--- a/src/core/game/PlayerImpl.ts
+++ b/src/core/game/PlayerImpl.ts
@@ -44,6 +44,7 @@ import { andFN, manhattanDistFN, TileRef } from "./GameMap";
 import { AttackImpl } from "./AttackImpl";
 import { PseudoRandom } from "../PseudoRandom";
 import { consolex } from "../Consolex";
+import { sanitizeUsername } from "../validations/username";
 
 interface Target {
 tick: Tick;
@@ -101,7 +102,7 @@ export class PlayerImpl implements Player {
 startTroops: number,
 ) {
 this._flag = playerInfo.flag;
- this._name = playerInfo.name;
+ this._name = sanitizeUsername(playerInfo.name);
 this._targetTroopRatio = 95n;
 this._troops = toInt(startTroops);
 this._workers = 0n;
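Review bot: In the constructor hunk only the copy stored in `_name` is sanitized; the `playerInfo` object still carries the raw client-supplied name, so any code that reads `playerInfo.name` directly (none is visible in this hunk) would still see the over-long or malformed value. Enforcing the limit where the server first accepts the player's join data, and rejecting or normalising it there, would give every consumer the same value; if the constructor stays the enforcement point, a comment such as `// playerInfo.name is client-controlled; _name is the only sanitized copy` would record that. The context line above, `this._flag = playerInfo.flag;`, is stored without any check, and if the flag is also client-supplied it probably needs equivalent validation. `sanitizeUsername` is defined outside this diff, so it is worth confirming how it treats a name that sanitizes to an empty string; the constructor body starts and ends outside the hunk.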