From 124e135b89821306ac924a9387cd6a7799d0a65e Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Sat, 5 Dec 2020 12:00:43 +0100
Subject: [PATCH] Whitelist legal input characters.

---
 plomrogue/parser.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/plomrogue/parser.py b/plomrogue/parser.py
index 69f728e..2820c18 100644
--- a/plomrogue/parser.py
+++ b/plomrogue/parser.py
@@ -78,6 +78,14 @@ class Parser:
 
         Respects function signature defined in function's .argtypes attribute.
         """
+        import string
+        msg = msg.rstrip()
+        legal_chars = string.digits + string.ascii_letters +\
+            string.punctuation + ' ' + 'ÄäÖöÜüߧ' + 'éèáàô'
+        for c in msg:
+            if not c in legal_chars:
+                raise ArgError('Command/message contains illegal character(s), '
+                               'may only contain ones of: %s' % legal_chars)
         tokens = self.tokenize(msg)
         if len(tokens) == 0:
             return None, ()
-- 
2.30.2