From 0a84f84e57b34d9bf63a0b6cd6407c14c2dd2ce1 Mon Sep 17 00:00:00 2001
From: Ryan Hitchman <hitchmanr@gmail.com>
Date: Thu, 1 May 2014 21:45:37 -0700
Subject: [PATCH] tag: sanitize inputs

---
 plugins/tag.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/plugins/tag.py b/plugins/tag.py
index 4b076a6..fed9a38 100644
--- a/plugins/tag.py
+++ b/plugins/tag.py
@@ -8,6 +8,10 @@ import threading
 from util import hook
 
 
+def sanitize(s):
+    return re.sub(r'[\x00-\x1f]', '', s)
+
+
 @hook.command
 def munge(inp, munge_count=0):
     reps = 0
@@ -150,7 +154,7 @@ def tag(inp, chan='', db=None):
             return 'tag syntax has changed. try .tags or .tagged instead'
         elif nick.lower() == 'del':
             return 'tag syntax has changed. try ".untag %s" instead' % subject
-        return add_tag(db, chan, nick, subject)
+        return add_tag(db, chan, sanitize(nick), sanitize(subject))
     else:
         tags = get_tags_by_nick(db, chan, inp)
         if tags: