From db6c4faeafa44b1fd1c32369dc37a9800ecbbf63 Mon Sep 17 00:00:00 2001
From: Dorian Niemiec <dorian.niemiec@svrjs.org>
Date: Sun, 14 Jan 2024 19:00:27 +0100
Subject: [PATCH] Mitigate log file injection vulnerability at mod file names.

---
 svr.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/svr.js b/svr.js
index a9466c3..223b719 100644
--- a/svr.js
+++ b/svr.js
@@ -4886,7 +4886,7 @@ function start(init) {
       // Display mod and server-side JavaScript errors
       if (process.isPrimary || process.isPrimary === undefined) {
         modLoadingErrors.forEach(function (modLoadingError) {
-          serverconsole.locwarnmessage("There was a problem while loading a \"" + modLoadingError.modName + "\" mod.");
+          serverconsole.locwarnmessage("There was a problem while loading a \"" + String(modLoadingError.modName).replace(/[\r\n]/g, "") + "\" mod.");
           serverconsole.locwarnmessage("Stack:");
           serverconsole.locwarnmessage(generateErrorStack(modLoadingError.error));
         });