From 65796c8f2043dd2a3bc4327dfe091304ccbe6945 Mon Sep 17 00:00:00 2001
From: Scott Powell <sqij@protonmail.com>
Date: Fri, 9 Jan 2026 16:28:08 +1100
Subject: [PATCH] * CommonCLI: added "set name ..." validation *
 ANON_REQ_TYPE_VER_OWNER, now removes commas from node_name

---
 examples/simple_repeater/MyMesh.cpp | 13 ++++++++++++-
 src/helpers/CommonCLI.cpp           | 18 +++++++++++++++---
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/examples/simple_repeater/MyMesh.cpp b/examples/simple_repeater/MyMesh.cpp
index 38f81ff9..c50d860f 100644
--- a/examples/simple_repeater/MyMesh.cpp
+++ b/examples/simple_repeater/MyMesh.cpp
@@ -159,6 +159,14 @@ uint8_t MyMesh::handleAnonRegionsReq(const mesh::Identity& sender, uint32_t send
   return 0;
 }
 
+static void sanitiseName(char* dest, const char* src) {
+  while (*src) {
+    *dest++ = (*src == ',') ? ' ' : *src;
+    src++;
+  }
+  *dest = 0;
+}
+
 uint8_t MyMesh::handleAnonVerOwnerReq(const mesh::Identity& sender, uint32_t sender_timestamp, const uint8_t* data) {
   if (anon_limiter.allow(rtc_clock.getCurrentTime())) {
     // request data has: {reply-path-len}{reply-path}
@@ -166,10 +174,13 @@ uint8_t MyMesh::handleAnonVerOwnerReq(const mesh::Identity& sender, uint32_t sen
     memcpy(reply_path, data, reply_path_len);
     // data += reply_path_len;
 
+    char tmp[sizeof(_prefs.node_name)];
+    sanitiseName(tmp, _prefs.node_name);
+
     memcpy(reply_data, &sender_timestamp, 4);   // prefix with sender_timestamp, like a tag
     uint32_t now = getRTCClock()->getCurrentTime();
     memcpy(&reply_data[4], &now, 4);     // include our clock (for easy clock sync, and packet hash uniqueness)
-    sprintf((char *) &reply_data[8], "%s,%s,%s", FIRMWARE_VERSION, _prefs.node_name, _prefs.owner_info);
+    sprintf((char *) &reply_data[8], "%s,%s,%s", FIRMWARE_VERSION, tmp, _prefs.owner_info);
 
     return 8 + strlen((char *) &reply_data[8]);   // reply length
   }
diff --git a/src/helpers/CommonCLI.cpp b/src/helpers/CommonCLI.cpp
index 14b67b39..2fc93006 100644
--- a/src/helpers/CommonCLI.cpp
+++ b/src/helpers/CommonCLI.cpp
@@ -14,6 +14,14 @@ static uint32_t _atoi(const char* sp) {
   return n;
 }
 
+static bool isValidName(const char *n) {
+  while (*n) {
+    if (*n == '[' || *n == ']' || *n == '/' || *n == '\\' || *n == ':' || *n == ',' || *n == '?' || *n == '*') return false;
+    n++;
+  }
+  return true;
+}
+
 void CommonCLI::loadPrefs(FILESYSTEM* fs) {
   if (fs->exists("/com_prefs")) {
     loadPrefsInt(fs, "/com_prefs");   // new filename
@@ -421,9 +429,13 @@ void CommonCLI::handleCommand(uint32_t sender_timestamp, const char* command, ch
           strcpy(reply, "Error, invalid key");
         }
       } else if (memcmp(config, "name ", 5) == 0) {
-        StrHelper::strncpy(_prefs->node_name, &config[5], sizeof(_prefs->node_name));
-        savePrefs();
-        strcpy(reply, "OK");
+        if (isValidName(&config[5])) {
+          StrHelper::strncpy(_prefs->node_name, &config[5], sizeof(_prefs->node_name));
+          savePrefs();
+          strcpy(reply, "OK");
+        } else {
+          strcpy(reply, "Error, bad chars");
+        }
       } else if (memcmp(config, "repeat ", 7) == 0) {
         _prefs->disable_fwd = memcmp(&config[7], "off", 3) == 0;
         savePrefs();