SQL Saves - Sanitization

Everything is now proper good sanitized!
2026-01-02 05:22:40 +00:00 · 2016-12-10 19:48:00 +02:00
parent 7c8e6f730e
commit 7925063160
13 changed files with 111 additions and 43 deletions
--- a/code/modules/client/preference_setup/antagonism/01_candidacy.dm
+++ b/code/modules/client/preference_setup/antagonism/01_candidacy.dm
@@ -11,12 +11,16 @@
 /datum/category_item/player_setup_item/antagonism/candidacy/gather_load_query()
 	return list("ss13_characters" = list("vars" = list("be_special_role"), "args" = list("id")))

-/datum/category_item/player_setup_item/antagonism/candidacy/sanitize_character()
-	if(!istype(pref.be_special_role))
+/datum/category_item/player_setup_item/antagonism/candidacy/sanitize_character(var/sql_load = 0)
+	if (sql_load)
+		if (pref.be_special_role)
+			pref.be_special_role = params2list(pref.be_special_role)
+
+	if (!istype(pref.be_special_role))
 		pref.be_special_role = list()

-	for(var/role in pref.be_special_role)
-		if(!(role in valid_special_roles()))
+	for (var/role in pref.be_special_role)
+		if (!(role in valid_special_roles()))
 			pref.be_special_role -= role

 /datum/category_item/player_setup_item/antagonism/candidacy/content(var/mob/user)
--- a/code/modules/client/preference_setup/general/01_basic.dm
+++ b/code/modules/client/preference_setup/general/01_basic.dm
@@ -25,17 +25,17 @@
 													"gender",
 													"age",
 													"metadata",
-													"spawnpoint"),
+													"spawnpoint",),
 										"args" = list("id")))

 /datum/category_item/player_setup_item/general/basic/sanitize_character()
-	pref.age			= sanitize_integer(pref.age, AGE_MIN, AGE_MAX, initial(pref.age))
+	pref.age			= sanitize_integer(text2num(pref.age), AGE_MIN, AGE_MAX, initial(pref.age))
 	pref.gender 		= sanitize_inlist(pref.gender, valid_player_genders, pick(valid_player_genders))
 	pref.real_name		= sanitize_name(pref.real_name, pref.species)
 	if(!pref.real_name)
 		pref.real_name	= random_name(pref.gender, pref.species)
 	pref.spawnpoint		= sanitize_inlist(pref.spawnpoint, spawntypes, initial(pref.spawnpoint))
-	pref.be_random_name	= sanitize_integer(pref.be_random_name, 0, 1, initial(pref.be_random_name))
+	pref.be_random_name	= sanitize_integer(text2num(pref.be_random_name), 0, 1, initial(pref.be_random_name))

 /datum/category_item/player_setup_item/general/basic/content()
 	. = "<b>Name:</b> "
--- a/code/modules/client/preference_setup/general/02_language.dm
+++ b/code/modules/client/preference_setup/general/02_language.dm
@@ -11,8 +11,12 @@
 /datum/category_item/player_setup_item/general/language/gather_load_query()
 	return list("ss13_characters" = list("vars" = list("language" = "alternate_languages"), "args" = list("id")))

-/datum/category_item/player_setup_item/general/language/sanitize_character()
-	if(!islist(pref.alternate_languages))	pref.alternate_languages = list()
+/datum/category_item/player_setup_item/general/language/sanitize_character(var/sql_load = 0)
+	if (sql_load)
+		pref.alternate_languages = params2list(pref.alternate_languages)
+
+	if(!islist(pref.alternate_languages))
+		pref.alternate_languages = list()

 /datum/category_item/player_setup_item/general/language/content()
 	. += "<b>Languages</b><br>"
--- a/code/modules/client/preference_setup/general/03_body.dm
+++ b/code/modules/client/preference_setup/general/03_body.dm
@@ -63,9 +63,40 @@ var/global/list/valid_bloodtypes = list("A+", "A-", "B+", "B-", "AB+", "AB-", "O
 														"organs_robotic" = "rlimb_data"),
 										"args" = list("id")))

-/datum/category_item/player_setup_item/general/body/sanitize_character(var/savefile/S)
+/datum/category_item/player_setup_item/general/body/sanitize_character(var/sql_load = 0)
 	if(!pref.species || !(pref.species in playable_species))
 		pref.species = "Human"
+
+	if (sql_load)
+		pref.hair_colour = sanitize_hexcolor(pref.hair_colour)
+		pref.r_hair		= GetRedPart(pref.hair_colour)
+		pref.g_hair		= GetGreenPart(pref.hair_colour)
+		pref.b_hair		= GetBluePart(pref.hair_colour)
+
+		pref.facial_colour = sanitize_hexcolor(pref.facial_colour)
+		pref.r_facial	= GetRedPart(pref.facial_colour)
+		pref.g_facial	= GetGreenPart(pref.facial_colour)
+		pref.b_facial	= GetBluePart(pref.facial_colour)
+
+		pref.s_tone		= text2num(pref.s_tone)
+
+		pref.skin_colour = sanitize_hexcolor(pref.skin_colour)
+		pref.r_skin		= GetRedPart(pref.skin_colour)
+		pref.g_skin		= GetGreenPart(pref.skin_colour)
+		pref.b_skin		= GetBluePart(pref.skin_colour)
+
+		pref.skin_colour = sanitize_hexcolor(pref.skin_colour)
+		pref.r_eyes		= GetRedPart(pref.eyes_colour)
+		pref.g_eyes		= GetGreenPart(pref.eyes_colour)
+		pref.b_eyes		= GetBluePart(pref.eyes_colour)
+
+		pref.disabilities = text2num(pref.disabilities)
+
+		if (pref.organ_data)
+			pref.organ_data = params2list(pref.organ_data)
+		if (pref.rlimb_data)
+			pref.rlimb_data = params2list(pref.rlimb_data)
+
 	pref.r_hair			= sanitize_integer(pref.r_hair, 0, 255, initial(pref.r_hair))
 	pref.g_hair			= sanitize_integer(pref.g_hair, 0, 255, initial(pref.g_hair))
 	pref.b_hair			= sanitize_integer(pref.b_hair, 0, 255, initial(pref.b_hair))
@@ -84,8 +115,10 @@ var/global/list/valid_bloodtypes = list("A+", "A-", "B+", "B-", "AB+", "AB-", "O
 	pref.b_type			= sanitize_text(pref.b_type, initial(pref.b_type))

 	pref.disabilities	= sanitize_integer(pref.disabilities, 0, 65535, initial(pref.disabilities))
-	if(!pref.organ_data) pref.organ_data = list()
-	if(!pref.rlimb_data) pref.rlimb_data = list()
+	if (!pref.organ_data || !islist(pref.organ_data))
+		pref.organ_data = list()
+	if (!pref.rlimb_data || !islist(pref.rlimb_data))
+		pref.rlimb_data = list()

 /datum/category_item/player_setup_item/general/body/content(var/mob/user)
 	pref.update_preview_icon()
--- a/code/modules/client/preference_setup/general/04_equipment.dm
+++ b/code/modules/client/preference_setup/general/04_equipment.dm
@@ -17,10 +17,15 @@
 /datum/category_item/player_setup_item/general/equipment/gather_load_query()
 	return list("ss13_characters" = list("vars" = list("underwear", "undershirt", "backbag", "gear"), "args" = list("id")))

-/datum/category_item/player_setup_item/general/equipment/sanitize_character()
+/datum/category_item/player_setup_item/general/equipment/sanitize_character(var/sql_load = 0)
+	if (sql_load)
+		pref.backbag = text2num(pref.backbag)
+		pref.gear	= params2list(pref.gear)
+
 	pref.backbag	= sanitize_integer(pref.backbag, 1, backbaglist.len, initial(pref.backbag))

-	if(!islist(pref.gear)) pref.gear = list()
+	if (!islist(pref.gear))
+		pref.gear = list()

 	var/undies = get_undies()
 	if(!get_key_by_value(undies, pref.underwear))
--- a/code/modules/client/preference_setup/general/05_background.dm
+++ b/code/modules/client/preference_setup/general/05_background.dm
@@ -30,10 +30,14 @@
 				"ss13_characters" = list("vars" = list("home_system", "citizenship", "faction", "religion"), "args" = list("id")))

 /datum/category_item/player_setup_item/general/background/sanitize_character()
-	if(!pref.home_system) pref.home_system = "Unset"
-	if(!pref.citizenship) pref.citizenship = "None"
-	if(!pref.faction)     pref.faction =     "None"
-	if(!pref.religion)    pref.religion =    "None"
+	if(!pref.home_system)
+		pref.home_system	= "Unset"
+	if(!pref.citizenship)
+		pref.citizenship	= "None"
+	if(!pref.faction)
+		pref.faction		= "None"
+	if(!pref.religion)
+		pref.religion		= "None"

 	pref.nanotrasen_relation = sanitize_inlist(pref.nanotrasen_relation, COMPANY_ALIGNMENTS, initial(pref.nanotrasen_relation))

--- a/code/modules/client/preference_setup/global/01_ui.dm
+++ b/code/modules/client/preference_setup/global/01_ui.dm
@@ -20,7 +20,7 @@
 /datum/category_item/player_setup_item/player_global/ui/sanitize_preferences()
 	pref.UI_style		= sanitize_inlist(pref.UI_style, all_ui_styles, initial(pref.UI_style))
 	pref.UI_style_color	= sanitize_hexcolor(pref.UI_style_color, initial(pref.UI_style_color))
-	pref.UI_style_alpha	= sanitize_integer(pref.UI_style_alpha, 0, 255, initial(pref.UI_style_alpha))
+	pref.UI_style_alpha	= sanitize_integer(text2num(pref.UI_style_alpha), 0, 255, initial(pref.UI_style_alpha))
 	pref.ooccolor		= sanitize_hexcolor(pref.ooccolor, initial(pref.ooccolor))

 /datum/category_item/player_setup_item/player_global/ui/content(var/mob/user)
--- a/code/modules/client/preference_setup/global/02_settings.dm
+++ b/code/modules/client/preference_setup/global/02_settings.dm
@@ -15,10 +15,13 @@
 /datum/category_item/player_setup_item/player_global/settings/gather_load_query()
 	return list("ss13_player_preferences" = list("vars" = list("lastchangelog", "current_character", "toggles", "asfx_toggles"), "args" = list("ckey")))

-/datum/category_item/player_setup_item/player_global/settings/sanitize_preferences()
+/datum/category_item/player_setup_item/player_global/settings/sanitize_preferences(var/sql_load = 0)
+	if (sql_load)
+		pref.current_character = text2num(pref.current_character)
+
 	pref.lastchangelog	= sanitize_text(pref.lastchangelog, initial(pref.lastchangelog))
-	pref.default_slot	= sanitize_integer(pref.default_slot, 1, config.character_slots, initial(pref.default_slot))
-	pref.toggles		= sanitize_integer(pref.toggles, 0, 65535, initial(pref.toggles))
+	pref.default_slot	= sanitize_integer(text2num(pref.default_slot), 1, config.character_slots, initial(pref.default_slot))
+	pref.toggles		= sanitize_integer(text2num(pref.toggles), 0, 65535, initial(pref.toggles))

 /datum/category_item/player_setup_item/player_global/settings/content(var/mob/user)
 	. += "<b>Play admin midis:</b> <a href='?src=\ref[src];toggle=[SOUND_MIDI]'><b>[(pref.toggles & SOUND_MIDI) ? "Yes" : "No"]</b></a><br>"
--- a/code/modules/client/preference_setup/global/03_language.dm
+++ b/code/modules/client/preference_setup/global/03_language.dm
@@ -11,8 +11,11 @@
 /datum/category_item/player_setup_item/player_global/language/gather_load_query()
 	return list("ss13_player_preferences" = list("vars" = list("language_prefixes"), "args" = list("ckey")))

-/datum/category_item/player_setup_item/player_global/language/sanitize_preferences()
-	if(isnull(pref.language_prefixes) || !pref.language_prefixes.len)
+/datum/category_item/player_setup_item/player_global/language/sanitize_preferences(var/sql_load = 0)
+	if (sql_load && pref.language_prefixes)
+		pref.language_prefixes = params2list(pref.language_prefixes)
+
+	if (isnull(pref.language_prefixes) || !pref.language_prefixes.len)
 		pref.language_prefixes = config.language_prefixes.Copy()

 /datum/category_item/player_setup_item/player_global/language/content(var/mob/user)
--- a/code/modules/client/preference_setup/occupation/occupation.dm
+++ b/code/modules/client/preference_setup/occupation/occupation.dm
@@ -37,17 +37,19 @@
 	return list("ss13_characters" = list("vars" = list("jobs" = "unsanitized_jobs", "alternate_option", "alternate_titles" = "player_alt_titles"), "args" = list("id")))

 /datum/category_item/player_setup_item/occupation/sanitize_character()
-	pref.alternate_option	= sanitize_integer(pref.alternate_option, 0, 2, initial(pref.alternate_option))
-	pref.job_civilian_high	= sanitize_integer(pref.job_civilian_high, 0, 65535, initial(pref.job_civilian_high))
-	pref.job_civilian_med	= sanitize_integer(pref.job_civilian_med, 0, 65535, initial(pref.job_civilian_med))
-	pref.job_civilian_low	= sanitize_integer(pref.job_civilian_low, 0, 65535, initial(pref.job_civilian_low))
-	pref.job_medsci_high	= sanitize_integer(pref.job_medsci_high, 0, 65535, initial(pref.job_medsci_high))
-	pref.job_medsci_med		= sanitize_integer(pref.job_medsci_med, 0, 65535, initial(pref.job_medsci_med))
-	pref.job_medsci_low		= sanitize_integer(pref.job_medsci_low, 0, 65535, initial(pref.job_medsci_low))
-	pref.job_engsec_high	= sanitize_integer(pref.job_engsec_high, 0, 65535, initial(pref.job_engsec_high))
-	pref.job_engsec_med 	= sanitize_integer(pref.job_engsec_med, 0, 65535, initial(pref.job_engsec_med))
-	pref.job_engsec_low 	= sanitize_integer(pref.job_engsec_low, 0, 65535, initial(pref.job_engsec_low))
-	if(!pref.player_alt_titles) pref.player_alt_titles = new()
+	pref.alternate_option	= sanitize_integer(text2num(pref.alternate_option), 0, 2, initial(pref.alternate_option))
+	pref.job_civilian_high	= sanitize_integer(text2num(pref.job_civilian_high), 0, 65535, initial(pref.job_civilian_high))
+	pref.job_civilian_med	= sanitize_integer(text2num(pref.job_civilian_med), 0, 65535, initial(pref.job_civilian_med))
+	pref.job_civilian_low	= sanitize_integer(text2num(pref.job_civilian_low), 0, 65535, initial(pref.job_civilian_low))
+	pref.job_medsci_high	= sanitize_integer(text2num(pref.job_medsci_high), 0, 65535, initial(pref.job_medsci_high))
+	pref.job_medsci_med		= sanitize_integer(text2num(pref.job_medsci_med), 0, 65535, initial(pref.job_medsci_med))
+	pref.job_medsci_low		= sanitize_integer(text2num(pref.job_medsci_low), 0, 65535, initial(pref.job_medsci_low))
+	pref.job_engsec_high	= sanitize_integer(text2num(pref.job_engsec_high), 0, 65535, initial(pref.job_engsec_high))
+	pref.job_engsec_med 	= sanitize_integer(text2num(pref.job_engsec_med), 0, 65535, initial(pref.job_engsec_med))
+	pref.job_engsec_low 	= sanitize_integer(text2num(pref.job_engsec_low), 0, 65535, initial(pref.job_engsec_low))
+
+	if (!pref.player_alt_titles)
+		pref.player_alt_titles = new()

 	if(!job_master)
 		return
--- a/code/modules/client/preference_setup/preference_setup.dm
+++ b/code/modules/client/preference_setup/preference_setup.dm
@@ -124,7 +124,7 @@
 		src.load_character_sql()

 	for(var/datum/category_item/player_setup_item/PI in items)
-		PI.sanitize_character()
+		PI.sanitize_character(config.sql_saves)

 /*
 * A proc for dynamically loading a character from the database.
@@ -327,10 +327,10 @@
 /datum/category_item/player_setup_item/proc/content()
 	return

-/datum/category_item/player_setup_item/proc/sanitize_character()
+/datum/category_item/player_setup_item/proc/sanitize_character(var/sql_load = 0)
 	return

-/datum/category_item/player_setup_item/proc/sanitize_preferences()
+/datum/category_item/player_setup_item/proc/sanitize_preferences(var/sql_load = 0)
 	return

 /datum/category_item/player_setup_item/Topic(var/href,var/list/href_list)
--- a/code/modules/client/preference_setup/skills/skills.dm
+++ b/code/modules/client/preference_setup/skills/skills.dm
@@ -15,11 +15,17 @@
 /datum/category_item/player_setup_item/skills/gather_load_query()
 	return list("ss13_characters" = list("vars" = list("skills", "skill_specialization"), "args" = list("id")))

-/datum/category_item/player_setup_item/skills/sanitize_character()
-	if(SKILLS == null)				setup_skills()
-	if(!pref.skills)				pref.skills = list()
-	if(!pref.skills.len)			pref.ZeroSkills()
-	if(pref.used_skillpoints < 0)	pref.used_skillpoints = 0
+/datum/category_item/player_setup_item/skills/sanitize_character(var/sql_load = 0)
+	if (SKILLS == null)
+		setup_skills()
+	if (!pref.skills)
+		pref.skills = list()
+	if (sql_load)
+		pref.skills = params2list(pref.skills)
+	if (!pref.skills.len)
+		pref.ZeroSkills()
+	if (pref.used_skillpoints < 0)
+		pref.used_skillpoints = 0

 /datum/category_item/player_setup_item/skills/content()
 	. += "<b>Select your Skills</b><br>"
--- a/code/modules/client/preferences.dm
+++ b/code/modules/client/preferences.dm
@@ -40,17 +40,21 @@ datum/preferences
 	var/undershirt						//undershirt type
 	var/backbag = 2						//backpack type
 	var/h_style = "Bald"				//Hair type
+	var/hair_colour = "#000000"			//Hair colour hex value, for SQL loading
 	var/r_hair = 0						//Hair color
 	var/g_hair = 0						//Hair color
 	var/b_hair = 0						//Hair color
 	var/f_style = "Shaved"				//Face hair type
+	var/facial_colour = "#000000"		//Facial colour hex value, for SQL loading
 	var/r_facial = 0					//Face hair color
 	var/g_facial = 0					//Face hair color
 	var/b_facial = 0					//Face hair color
 	var/s_tone = 0						//Skin tone
+	var/skin_colour = "#000000"			//Skin colour hex value, for SQL loading
 	var/r_skin = 0						//Skin color
 	var/g_skin = 0						//Skin color
 	var/b_skin = 0						//Skin color
+	var/eyes_colour = "#000000"			//Eye colour hex value, for SQL loading
 	var/r_eyes = 0						//Eye color
 	var/g_eyes = 0						//Eye color
 	var/b_eyes = 0						//Eye color