From 5fee41d4ba4aa72ad9008fd1fdffdb62491d2015 Mon Sep 17 00:00:00 2001 From: volas Date: Wed, 25 Mar 2015 01:05:21 +0300 Subject: [PATCH] sanitize() refactor: third pass (misc) --- code/controllers/voting.dm | 4 +- code/datums/diseases/advance/advance.dm | 2 +- code/game/machinery/computer/message.dm | 4 +- .../machinery/computer3/computers/medical.dm | 2 +- .../machinery/computer3/computers/security.dm | 2 +- code/game/machinery/requests_console.dm | 4 +- code/game/response_team.dm | 2 +- code/modules/admin/DB ban/functions.dm | 2 +- code/modules/admin/admin.dm | 2 +- code/modules/admin/admin_memo.dm | 2 +- code/modules/admin/admin_verbs.dm | 2 +- code/modules/admin/topic.dm | 21 ++++----- code/modules/admin/verbs/adminpm.dm | 3 +- code/modules/admin/verbs/custom_event.dm | 6 +-- code/modules/admin/verbs/debug.dm | 2 +- code/modules/admin/verbs/massmodvar.dm | 2 +- code/modules/admin/verbs/modifyvariables.dm | 8 ++-- code/modules/admin/verbs/randomverbs.dm | 12 ++--- code/modules/client/client procs.dm | 2 +- code/modules/client/preferences.dm | 44 ++++--------------- .../spacesuits/rig/modules/utility.dm | 4 +- code/modules/economy/EFTPOS.dm | 4 +- code/modules/events/event_manager.dm | 2 +- code/modules/mob/living/carbon/human/human.dm | 10 +---- .../modules/mob/living/silicon/robot/robot.dm | 4 +- .../mob/living/silicon/robot/robot_items.dm | 4 +- code/modules/mob/mob.dm | 5 +-- code/modules/reagents/Chemistry-Machinery.dm | 4 +- .../reagent_containers/food/snacks.dm | 2 +- .../research/xenoarchaeology/chemistry.dm | 2 +- .../xenoarchaeology/finds/finds_fossils.dm | 2 +- 31 files changed, 68 insertions(+), 103 deletions(-) diff --git a/code/controllers/voting.dm b/code/controllers/voting.dm index 34658944bc..7db31c6fa6 100644 --- a/code/controllers/voting.dm +++ b/code/controllers/voting.dm 
@@ -241,10 +241,10 @@ datum/controller/vote choices.Add(antag.role_text) choices.Add("None") if("custom") - question = html_encode(input(usr,"What is the vote for?") as text|null) + question = sanitizeSafe(input(usr,"What is the vote for?") as text|null) if(!question) return 0 for(var/i=1,i<=10,i++) - var/option = capitalize(html_encode(input(usr,"Please enter an option or hit cancel to finish") as text|null)) + var/option = capitalize(sanitize(input(usr,"Please enter an option or hit cancel to finish") as text|null)) if(!option || mode || !usr.client) break choices.Add(option) else diff --git a/code/datums/diseases/advance/advance.dm b/code/datums/diseases/advance/advance.dm index bea5672006..70acceca35 100644 --- a/code/datums/diseases/advance/advance.dm +++ b/code/datums/diseases/advance/advance.dm @@ -394,7 +394,7 @@ var/list/advance_cures = list( if(D.symptoms.len > 0) - var/new_name = input(user, "Name your new disease.", "New Name") + var/new_name = sanitizeSafe(input(user, "Name your new disease.", "New Name"), MAX_NAME_LEN) D.AssignName(new_name) D.Refresh() diff --git a/code/game/machinery/computer/message.dm b/code/game/machinery/computer/message.dm index d11e606776..94eadf7f11 100644 --- a/code/game/machinery/computer/message.dm +++ b/code/game/machinery/computer/message.dm @@ -409,7 +409,7 @@ //Select Your Name if("Sender") - customsender = input(usr, "Please enter the sender's name.") as text|null + customsender = sanitize(input(usr, "Please enter the sender's name.") as text|null) //Select Receiver if("Recepient") @@ -425,7 +425,7 @@ //Enter custom job if("RecJob") - customjob = input(usr, "Please enter the sender's job.") as text|null + customjob = sanitize(input(usr, "Please enter the sender's job.") as text|null) //Enter message if("Message") diff --git a/code/game/machinery/computer3/computers/medical.dm b/code/game/machinery/computer3/computers/medical.dm index 96b1ccad5b..adb7ff9079 100644 
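Review bot: In code/datums/diseases/advance/advance.dm (hunk at 394), the result of `sanitizeSafe(...)` goes straight into `D.AssignName(new_name)` with no empty check, so a name the sanitizer rejects would presumably leave the disease with an empty name. Other call sites in this patch guard the result, for example `if(!new_name)` in response_team.dm. A guard before `AssignName` that skips the rename or substitutes a default would keep them consistent. The enclosing proc starts and ends outside the hunk, so a fallback inside AssignName cannot be ruled out.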
--- a/code/game/machinery/computer3/computers/medical.dm +++ b/code/game/machinery/computer3/computers/medical.dm @@ -330,7 +330,7 @@ src.active2.fields["cdi_d"] = t1 if("notes") if (istype(src.active2, /datum/data/record)) - var/t1 = html_encode(trim(copytext(input("Please summarize notes:", "Med. records", html_decode(src.active2.fields["notes"]), null) as message,1,MAX_MESSAGE_LEN))) + var/t1 = sanitize(input("Please summarize notes:", "Med. records", html_decode(src.active2.fields["notes"]), null) as message, extra = 0) if ((!( t1 ) || !( src.authenticated ) || usr.stat || usr.restrained() || (!interactable() && (!istype(usr, /mob/living/silicon))) || src.active2 != a2)) return src.active2.fields["notes"] = t1 diff --git a/code/game/machinery/computer3/computers/security.dm b/code/game/machinery/computer3/computers/security.dm index e00aab556d..924f32b1b7 100644 --- a/code/game/machinery/computer3/computers/security.dm +++ b/code/game/machinery/computer3/computers/security.dm @@ -498,7 +498,7 @@ What a mess.*/ active2.fields["ma_crim_d"] = t1 if("notes") if (istype(active2, /datum/data/record)) - var/t1 = html_encode(trim(copytext(input("Please summarize notes:", "Secure. records", html_decode(active2.fields["notes"]), null) as message,1,MAX_MESSAGE_LEN))) + var/t1 = sanitize(input("Please summarize notes:", "Secure. records", html_decode(active2.fields["notes"]), null) as message, extra = 0) if ((!( t1 ) || !( authenticated ) || usr.stat || usr.restrained() || (!interactable() && (!istype(usr, /mob/living/silicon))) || active2 != a2)) return active2.fields["notes"] = t1 diff --git a/code/game/machinery/requests_console.dm b/code/game/machinery/requests_console.dm index f9dd2216df..3c7e1613b9 100644 --- a/code/game/machinery/requests_console.dm +++ b/code/game/machinery/requests_console.dm 
@@ -223,7 +223,7 @@ var/list/obj/machinery/requests_console/allConsoles = list() if(reject_bad_text(href_list["write"])) dpt = ckey(href_list["write"]) //write contains the string of the receiving department's name - var/new_message = copytext(reject_bad_text(input(usr, "Write your message:", "Awaiting Input", "")),1,MAX_MESSAGE_LEN) + var/new_message = sanitize(input("Write your message:", "Awaiting Input", "")) if(new_message) message = new_message screen = 9 @@ -238,7 +238,7 @@ var/list/obj/machinery/requests_console/allConsoles = list() priority = -1 if(href_list["writeAnnouncement"]) - var/new_message = copytext(reject_bad_text(input(usr, "Write your message:", "Awaiting Input", "")),1,MAX_MESSAGE_LEN) + var/new_message = sanitize(input("Write your message:", "Awaiting Input", "")) if(new_message) message = new_message switch(href_list["priority"]) diff --git a/code/game/response_team.dm b/code/game/response_team.dm index ea1a03a571..a64230b1d6 100644 --- a/code/game/response_team.dm +++ b/code/game/response_team.dm @@ -53,7 +53,7 @@ client/verb/JoinResponseTeam() for (var/obj/effect/landmark/L in landmarks_list) if (L.name == "Commando") L.name = null//Reserving the place. - var/new_name = input(usr, "Pick a name","Name") as null|text + var/new_name = sanitizeSafe(input(usr, "Pick a name","Name") as null|text, MAX_NAME_LEN) if(!new_name)//Somebody changed his mind, place is available again. L.name = "Commando" return diff --git a/code/modules/admin/DB ban/functions.dm b/code/modules/admin/DB ban/functions.dm index 32e633a200..a361328cac 100644 --- a/code/modules/admin/DB ban/functions.dm +++ b/code/modules/admin/DB ban/functions.dm 
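Review bot: In code/game/machinery/requests_console.dm, both rewritten prompts (hunks at 223 and 238) drop the explicit `usr` recipient and the `copytext(..., 1, MAX_MESSAGE_LEN)` cap that the replaced lines had. input() falls back to usr when no recipient is given, so behaviour is probably unchanged here, but `sanitize(input(usr, "Write your message:", "Awaiting Input", ""))` would keep the call shape of the old code. The length bound now depends on sanitize()'s default, which is not visible on this page; passing `MAX_MESSAGE_LEN` explicitly would make the limit reviewable at the call site. The `reject_bad_text()` filter is also gone, so confirm sanitize() covers whatever it rejected.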
@@ -181,7 +181,7 @@ datum/admins/proc/DB_ban_edit(var/banid = null, var/param = null) switch(param) if("reason") if(!value) - value = input("Insert the new reason for [pckey]'s ban", "New Reason", "[reason]", null) as null|text + value = sanitize(input("Insert the new reason for [pckey]'s ban", "New Reason", "[reason]", null) as null|text) value = sql_sanitize_text(value) if(!value) usr << "Cancelled" diff --git a/code/modules/admin/admin.dm b/code/modules/admin/admin.dm index f956743dfa..57cdcd479a 100644 --- a/code/modules/admin/admin.dm +++ b/code/modules/admin/admin.dm @@ -725,7 +725,7 @@ var/global/floorIsLava = 0 set desc="Announce your desires to the world" if(!check_rights(0)) return - var/message = input("Global message to send:", "Admin Announce", null, null) as message + var/message = input("Global message to send:", "Admin Announce", null, null) as message//todo: sanitize for all? if(message) if(!check_rights(R_SERVER,0)) message = sanitize(message, 500, extra = 0) diff --git a/code/modules/admin/admin_memo.dm b/code/modules/admin/admin_memo.dm index 133f6d10e9..4bcaf10d9c 100644 --- a/code/modules/admin/admin_memo.dm +++ b/code/modules/admin/admin_memo.dm @@ -16,7 +16,7 @@ /client/proc/admin_memo_write() var/savefile/F = new(MEMOFILE) if(F) - var/memo = input(src,"Type your memo\n(Leaving it blank will delete your current memo):","Write Memo",null) as null|message + var/memo = sanitize(input(src,"Type your memo\n(Leaving it blank will delete your current memo):","Write Memo",null) as null|message, extra = 0) switch(memo) if(null) return diff --git a/code/modules/admin/admin_verbs.dm b/code/modules/admin/admin_verbs.dm index 3751b51277..648e8551a2 100644 --- a/code/modules/admin/admin_verbs.dm +++ b/code/modules/admin/admin_verbs.dm 
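Review bot: In code/modules/admin/DB ban/functions.dm (hunk at 181), `sanitize()` is applied only to the prompted value under `if(!value)`, so a `value` supplied by the caller appears to reach `sql_sanitize_text(value)` without it and the two paths would store differently processed reasons. The prompt is also pre-filled with the stored `[reason]`; if sanitize() HTML-encodes, as the html_encode replacements elsewhere in this patch suggest, each edit would encode the previous text again, so the default likely needs `html_decode(reason)` as the notes and flavor-text prompts use. Indentation is lost in this view, so confirm which lines sit inside the `if`. DB_ban_edit's body continues outside the hunk.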
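Review bot: In code/modules/admin/admin_memo.dm (hunk at 16), wrapping the prompt in `sanitize(...)` before `switch(memo)` can change which case is reached. The prompt promises that a blank memo deletes the current one, but if sanitize() returns null for an empty string, blank input would hit `if(null) return` and the delete path becomes unreachable; sanitize()'s handling of null and "" is not visible on this page. The same question applies to the `!= null` guards kept after `sanitize(...)` in code/modules/client/preferences.dm (hunk at 1044) and code/modules/mob/mob.dm (hunk at 360), where clearing a record or flavor text may no longer be distinguishable from a cancel. Sanitizing after the null/blank branch, inside the non-empty case, avoids the ambiguity.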
@@ -616,7 +616,7 @@ var/list/admin_verbs_mentor = list( set name = "Make Sound" set desc = "Display a message to everyone who can hear the target" if(O) - var/message = input("What do you want the message to be?", "Make Sound") as text|null + var/message = sanitize(input("What do you want the message to be?", "Make Sound") as text|null) if(!message) return for (var/mob/V in hearers(O)) diff --git a/code/modules/admin/topic.dm b/code/modules/admin/topic.dm index e8817031fe..ec16a37d25 100644 --- a/code/modules/admin/topic.dm +++ b/code/modules/admin/topic.dm @@ -328,12 +328,12 @@ mins = min(525599,mins) minutes = CMinutes + mins duration = GetExp(minutes) - reason = input(usr,"Reason?","reason",reason2) as text|null + reason = sanitize(input(usr,"Reason?","reason",reason2) as text|null) if(!reason) return if("No") temp = 0 duration = "Perma" - reason = input(usr,"Reason?","reason",reason2) as text|null + reason = sanitize(input(usr,"Reason?","reason",reason2) as text|null) if(!reason) return log_admin("[key_name(usr)] edited [banned_key]'s ban. Reason: [reason] Duration: [duration]") @@ -655,7 +655,7 @@ var/mins = input(usr,"How long (in minutes)?","Ban time",1440) as num|null if(!mins) return - var/reason = input(usr,"Reason?","Please State Reason","") as text|null + var/reason = sanitize(input(usr,"Reason?","Please State Reason","") as text|null) if(!reason) return @@ -680,7 +680,7 @@ return 1 if("No") if(!check_rights(R_BAN)) return - var/reason = input(usr,"Reason?","Please State Reason","") as text|null + var/reason = sanitize(input(usr,"Reason?","Please State Reason","") as text|null) if(reason) var/msg for(var/job in notbannedlist) @@ -737,7 +737,7 @@ if (ismob(M)) if(!check_if_greater_rights_than(M.client)) return - var/reason = input("Please enter reason") + var/reason = sanitize(input("Please enter reason")) if(!reason) M << "\red You have been kicked from the server" else 
@@ -794,7 +794,7 @@ if(!mins) return if(mins >= 525600) mins = 525599 - var/reason = input(usr,"Reason?","reason","Griefer") as text|null + var/reason = sanitize(input(usr,"Reason?","reason","Griefer") as text|null) if(!reason) return AddBan(M.ckey, M.computer_id, reason, usr.ckey, 1, mins) @@ -815,7 +815,7 @@ //del(M) // See no reason why to delete mob. Important stuff can be lost. And ban can be lifted before round ends. if("No") if(!check_rights(R_BAN)) return - var/reason = input(usr,"Reason?","reason","Griefer") as text|null + var/reason = sanitize(input(usr,"Reason?","reason","Griefer") as text|null) if(!reason) return switch(alert(usr,"IP ban?",,"Yes","No","Cancel")) @@ -1379,7 +1379,7 @@ usr << "The person you are trying to contact is not wearing a headset" return - var/input = input(src.owner, "Please enter a message to reply to [key_name(H)] via their headset.","Outgoing message from Centcomm", "") + var/input = sanitize(input(src.owner, "Please enter a message to reply to [key_name(H)] via their headset.","Outgoing message from Centcomm", "")) if(!input) return src.owner << "You sent [input] to [H] via a secure channel." @@ -1396,7 +1396,7 @@ usr << "The person you are trying to contact is not wearing a headset" return - var/input = input(src.owner, "Please enter a message to reply to [key_name(H)] via their headset.","Outgoing message from a shadowy figure...", "") + var/input = sanitize(input(src.owner, "Please enter a message to reply to [key_name(H)] via their headset.","Outgoing message from a shadowy figure...", "")) if(!input) return src.owner << "You sent [input] to [H] via a secure channel." @@ -1443,6 +1443,7 @@ var/mob/sender = locate(href_list["CentcommFaxReply"]) var/obj/machinery/photocopier/faxmachine/fax = locate(href_list["originfax"]) + //todo: sanitize var/input = input(src.owner, "Please enter a message to reply to [key_name(sender)] via secure connection. NOTE: BBCode does not work, but HTML tags do! Use
for line breaks.", "Outgoing message from Centcomm", "") as message|null if(!input) return @@ -2652,7 +2653,7 @@ if(href_list["add_player_info"]) var/key = href_list["add_player_info"] - var/add = input("Add Player Info") as null|text + var/add = sanitize(input("Add Player Info") as null|text) if(!add) return notes_add(key,add,usr) diff --git a/code/modules/admin/verbs/adminpm.dm b/code/modules/admin/verbs/adminpm.dm index 9d13437faa..467083e827 100644 --- a/code/modules/admin/verbs/adminpm.dm +++ b/code/modules/admin/verbs/adminpm.dm @@ -60,6 +60,7 @@ return //clean the message if it's not sent by a high-rank admin + //todo: sanitize for all??? if(!check_rights(R_SERVER|R_DEBUG,0)) msg = sanitize(msg) if(!msg) return @@ -91,7 +92,7 @@ spawn(0) //so we don't hold the caller proc up var/sender = src var/sendername = key - var/reply = input(C, msg,"[recieve_pm_type] PM from [sendername]", "") as text|null //show message and await a reply + var/reply = sanitize(input(C, msg,"[recieve_pm_type] PM from [sendername]", "") as text|null) //show message and await a reply if(C && reply) if(sender) C.cmd_admin_pm(sender,reply) //sender is still about, let's reply to them diff --git a/code/modules/admin/verbs/custom_event.dm b/code/modules/admin/verbs/custom_event.dm index 3021cc2828..265c16a868 100644 --- a/code/modules/admin/verbs/custom_event.dm +++ b/code/modules/admin/verbs/custom_event.dm 
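Review bot: In code/modules/admin/topic.dm (hunk at 1443), the added `//todo: sanitize` does not record why the fax reply is left raw: the prompt on the next line tells the admin that HTML tags work, so a plain `sanitize()` would presumably break that feature. A comment such as `//todo: sanitize - reply is rendered as HTML on purpose, needs a tag allow-list instead of full encoding` would state the constraint for whoever picks it up. Until then this input remains an unfiltered HTML path, gated only by whatever rights check precedes the hunk, which is outside this view.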
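Review bot: In code/modules/admin/verbs/adminpm.dm (hunk at 91), `reply` is sanitized and then handed to `C.cmd_admin_pm(sender,reply)`, while the hunk at 60 in the same file shows a PM path that runs `msg = sanitize(msg)` again for senders without R_SERVER|R_DEBUG. If that is the proc being called, ordinary replies are sanitized twice, which with HTML encoding would turn `&` into `&amp;amp;` and similar. Sanitizing in one place only, in the callee once the `//todo: sanitize for all???` is resolved, would avoid this. Both procs start and end outside the hunks.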
@@ -7,7 +7,7 @@ src << "Only administrators may use this command." return - var/input = input(usr, "Enter the description of the custom event. Be descriptive. To cancel the event, make this blank or hit cancel.", "Custom Event", custom_event_msg) as message|null + var/input = sanitize(input(usr, "Enter the description of the custom event. Be descriptive. To cancel the event, make this blank or hit cancel.", "Custom Event", custom_event_msg) as message|null, MAX_BOOK_MESSAGE_LEN, extra = 0) if(!input || input == "") custom_event_msg = null log_admin("[usr.key] has cleared the custom event text.") @@ -21,7 +21,7 @@ world << "

Custom Event

" world << "

A custom event is starting. OOC Info:

" - world << "[html_encode(custom_event_msg)]" + world << "[custom_event_msg]" world << "
" // normal verb for players to view info @@ -36,5 +36,5 @@ src << "

Custom Event

" src << "

A custom event is taking place. OOC Info:

" - src << "[html_encode(custom_event_msg)]" + src << "[custom_event_msg]" src << "
" diff --git a/code/modules/admin/verbs/debug.dm b/code/modules/admin/verbs/debug.dm index 4e4ed552d2..b9858aa7d5 100644 --- a/code/modules/admin/verbs/debug.dm +++ b/code/modules/admin/verbs/debug.dm @@ -205,7 +205,7 @@ But you can call procs that are of type /mob/living/carbon/human/proc/ for that return 0 var/obj/item/device/paicard/card = new(T) var/mob/living/silicon/pai/pai = new(card) - pai.name = input(choice, "Enter your pAI name:", "pAI Name", "Personal AI") as text + pai.name = sanitizeSafe(input(choice, "Enter your pAI name:", "pAI Name", "Personal AI") as text) pai.real_name = pai.name pai.key = choice.key card.setPersonality(pai) diff --git a/code/modules/admin/verbs/massmodvar.dm b/code/modules/admin/verbs/massmodvar.dm index a35fb15174..a6b4bf7d16 100644 --- a/code/modules/admin/verbs/massmodvar.dm +++ b/code/modules/admin/verbs/massmodvar.dm @@ -168,7 +168,7 @@ return .(O.vars[variable]) if("text") - var/new_value = input("Enter new text:","Text",O.vars[variable]) as text|null + var/new_value = input("Enter new text:","Text",O.vars[variable]) as text|null//todo: sanitize ??? if(new_value == null) return O.vars[variable] = new_value diff --git a/code/modules/admin/verbs/modifyvariables.dm b/code/modules/admin/verbs/modifyvariables.dm index 8c48af6a45..fce2aa59dc 100644 --- a/code/modules/admin/verbs/modifyvariables.dm +++ b/code/modules/admin/verbs/modifyvariables.dm @@ -44,7 +44,7 @@ var/list/forbidden_varedit_object_types = list( switch(class) if("text") - var_value = input("Enter new text:","Text") as null|text + var_value = input("Enter new text:","Text") as null|text//todo: sanitize ??? if("num") var_value = input("Enter new number:","Num") as null|num @@ -93,7 +93,7 @@ var/list/forbidden_varedit_object_types = list( switch(class) if("text") - var_value = input("Enter new text:","Text") as text + var_value = input("Enter new text:","Text") as text//todo: sanitize ??? if("num") var_value = input("Enter new number:","Num") as num 
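Review bot: In code/modules/admin/verbs/custom_event.dm, the hunks at 21 and 36 (and the one at 145 in code/modules/client/client procs.dm) drop `html_encode()` at the point of output and rely on the `sanitize(...)` added at the prompt in the hunk at 7. Any other code that assigns `custom_event_msg` would now reach `world <<` and `src <<` unencoded; that cannot be ruled out from this page, so either confirm the prompt is the only writer or keep the encoding at output. The prompt is also pre-filled with the stored `custom_event_msg` without `html_decode()`, unlike the record and flavor-text prompts in this patch, so re-editing an event would presumably encode the text a second time. Using `html_decode(custom_event_msg)` as the default would address that.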
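Review bot: In code/modules/admin/verbs/debug.dm (hunk at 205), `sanitizeSafe(...)` is called without the `MAX_NAME_LEN` argument that the other name prompts in this patch pass, and its result is assigned to `pai.name` with no fallback. If sanitizeSafe() returns an empty value for a rejected name, the pAI ends up nameless and `pai.real_name` copies that on the next line. Passing `MAX_NAME_LEN` as the second argument and falling back to the prompt's default `"Personal AI"` when the result is empty would bound the length and keep a usable name.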
@@ -243,7 +243,7 @@ var/list/forbidden_varedit_object_types = list( return if("text") - L[L.Find(variable)] = input("Enter new text:","Text") as text + L[L.Find(variable)] = input("Enter new text:","Text") as text//todo: sanitize ??? if("num") L[L.Find(variable)] = input("Enter new number:","Num") as num @@ -450,7 +450,7 @@ var/list/forbidden_varedit_object_types = list( return .(O.vars[variable]) if("text") - var/var_new = input("Enter new text:","Text",O.vars[variable]) as null|text + var/var_new = input("Enter new text:","Text",O.vars[variable]) as null|text//todo: sanitize ??? if(var_new==null) return O.vars[variable] = var_new diff --git a/code/modules/admin/verbs/randomverbs.dm b/code/modules/admin/verbs/randomverbs.dm index 07d8009219..03b8a03cac 100644 --- a/code/modules/admin/verbs/randomverbs.dm +++ b/code/modules/admin/verbs/randomverbs.dm @@ -52,7 +52,7 @@ src << "Only administrators may use this command." return - var/msg = input("Message:", text("Subtle PM to [M.key]")) as text + var/msg = sanitize(input("Message:", text("Subtle PM to [M.key]")) as text) if (!msg) return @@ -109,7 +109,7 @@ src << "Only administrators may use this command." return - var/msg = input("Message:", text("Enter the text you wish to appear to everyone:")) as text + var/msg = sanitize(input("Message:", text("Enter the text you wish to appear to everyone:")) as text) if (!msg) return @@ -132,7 +132,7 @@ if(!M) return - var/msg = input("Message:", text("Enter the text you wish to appear to your target:")) as text + var/msg = sanitize(input("Message:", text("Enter the text you wish to appear to your target:")) as text) if( !msg ) return 
@@ -475,7 +475,7 @@ Traitors and the like can also be revived with the previous role mostly intact. if(!holder) src << "Only administrators may use this command." return - var/input = input(usr, "Please enter anything you want the AI to do. Anything. Serious.", "What?", "") as text|null + var/input = sanitize(input(usr, "Please enter anything you want the AI to do. Anything. Serious.", "What?", "") as text|null) if(!input) return for(var/mob/living/silicon/ai/M in mob_list) @@ -523,8 +523,8 @@ Traitors and the like can also be revived with the previous role mostly intact. if(!holder) src << "Only administrators may use this command." return - var/input = input(usr, "Please enter anything you want. Anything. Serious.", "What?", "") as message|null - var/customname = input(usr, "Pick a title for the report.", "Title") as text|null + var/input = sanitize(input(usr, "Please enter anything you want. Anything. Serious.", "What?", "") as message|null, extra = 0) + var/customname = sanitizeSafe(input(usr, "Pick a title for the report.", "Title") as text|null) if(!input) return if(!customname) diff --git a/code/modules/client/client procs.dm b/code/modules/client/client procs.dm index a8efe68418..45ca127f13 100644 --- a/code/modules/client/client procs.dm +++ b/code/modules/client/client procs.dm @@ -145,7 +145,7 @@ if(custom_event_msg && custom_event_msg != "") src << "

Custom Event

" src << "

A custom event is taking place. OOC Info:

" - src << "[html_encode(custom_event_msg)]" + src << "[custom_event_msg]" src << "
" if( (world.address == address || !address) && !host ) diff --git a/code/modules/client/preferences.dm b/code/modules/client/preferences.dm index 7b969a332b..4466becf74 100755 --- a/code/modules/client/preferences.dm +++ b/code/modules/client/preferences.dm @@ -995,16 +995,10 @@ datum/preferences ShowChoices(user) return if("general") - var/msg = input(usr,"Give a general description of your character. This will be shown regardless of clothing, and may include OOC notes and preferences.","Flavor Text",html_decode(flavor_texts[href_list["task"]])) as message - if(msg != null) - msg = copytext(msg, 1, MAX_MESSAGE_LEN) - msg = html_encode(msg) + var/msg = sanitize(input(usr,"Give a general description of your character. This will be shown regardless of clothing, and may include OOC notes and preferences.","Flavor Text",html_decode(flavor_texts[href_list["task"]])) as message, extra = 0) flavor_texts[href_list["task"]] = msg else - var/msg = input(usr,"Set the flavor text for your [href_list["task"]].","Flavor Text",html_decode(flavor_texts[href_list["task"]])) as message - if(msg != null) - msg = copytext(msg, 1, MAX_MESSAGE_LEN) - msg = html_encode(msg) + var/msg = sanitize(input(usr,"Set the flavor text for your [href_list["task"]].","Flavor Text",html_decode(flavor_texts[href_list["task"]])) as message, extra = 0) flavor_texts[href_list["task"]] = msg SetFlavorText(user) return 
@@ -1019,16 +1013,10 @@ datum/preferences ShowChoices(user) return if("Default") - var/msg = input(usr,"Set the default flavour text for your robot. It will be used for any module without individual setting.","Flavour Text",html_decode(flavour_texts_robot["Default"])) as message - if(msg != null) - msg = copytext(msg, 1, MAX_MESSAGE_LEN) - msg = html_encode(msg) + var/msg = sanitize(input(usr,"Set the default flavour text for your robot. It will be used for any module without individual setting.","Flavour Text",html_decode(flavour_texts_robot["Default"])) as message, extra = 0) flavour_texts_robot[href_list["task"]] = msg else - var/msg = input(usr,"Set the flavour text for your robot with [href_list["task"]] module. If you leave this empty, default flavour text will be used for this module.","Flavour Text",html_decode(flavour_texts_robot[href_list["task"]])) as message - if(msg != null) - msg = copytext(msg, 1, MAX_MESSAGE_LEN) - msg = html_encode(msg) + var/msg = sanitize(input(usr,"Set the flavour text for your robot with [href_list["task"]] module. If you leave this empty, default flavour text will be used for this module.","Flavour Text",html_decode(flavour_texts_robot[href_list["task"]])) as message, extra = 0) flavour_texts_robot[href_list["task"]] = msg SetFlavourTextRobot(user) return 
@@ -1044,41 +1032,25 @@ datum/preferences else user << browse(null, "window=records") if(href_list["task"] == "med_record") - var/medmsg = input(usr,"Set your medical notes here.","Medical Records",html_decode(med_record)) as message - + var/medmsg = sanitize(input(usr,"Set your medical notes here.","Medical Records",html_decode(med_record)) as message, MAX_PAPER_MESSAGE_LEN, extra = 0) if(medmsg != null) - medmsg = copytext(medmsg, 1, MAX_PAPER_MESSAGE_LEN) - medmsg = html_encode(medmsg) - med_record = medmsg SetRecords(user) if(href_list["task"] == "sec_record") - var/secmsg = input(usr,"Set your security notes here.","Security Records",html_decode(sec_record)) as message - + var/secmsg = sanitize(input(usr,"Set your security notes here.","Security Records",html_decode(sec_record)) as message, MAX_PAPER_MESSAGE_LEN, extra = 0) if(secmsg != null) - secmsg = copytext(secmsg, 1, MAX_PAPER_MESSAGE_LEN) - secmsg = html_encode(secmsg) - sec_record = secmsg SetRecords(user) if(href_list["task"] == "gen_record") - var/genmsg = input(usr,"Set your employment notes here.","Employment Records",html_decode(gen_record)) as message - + var/genmsg = sanitize(input(usr,"Set your employment notes here.","Employment Records",html_decode(gen_record)) as message, MAX_PAPER_MESSAGE_LEN, extra = 0) if(genmsg != null) - genmsg = copytext(genmsg, 1, MAX_PAPER_MESSAGE_LEN) - genmsg = html_encode(genmsg) - gen_record = genmsg SetRecords(user) if(href_list["task"] == "exploitable_record") - var/exploitmsg = input(usr,"Set exploitable information about you here.","Exploitable Information",html_decode(exploit_record)) as message - + var/exploitmsg = sanitize(input(usr,"Set exploitable information about you here.","Exploitable Information",html_decode(exploit_record)) as message, MAX_PAPER_MESSAGE_LEN, extra = 0) if(exploitmsg != null) - exploitmsg = copytext(exploitmsg, 1, MAX_PAPER_MESSAGE_LEN) - exploitmsg = html_encode(exploitmsg) - exploit_record = exploitmsg SetAntagoptions(user) 
diff --git a/code/modules/clothing/spacesuits/rig/modules/utility.dm b/code/modules/clothing/spacesuits/rig/modules/utility.dm index c670b93791..b4a622075e 100644 --- a/code/modules/clothing/spacesuits/rig/modules/utility.dm +++ b/code/modules/clothing/spacesuits/rig/modules/utility.dm @@ -280,10 +280,10 @@ voice_holder.active = 0 usr << "You disable the speech synthesiser." if("Set Name") - var/raw_choice = input(usr, "Please enter a new name.") as text|null + var/raw_choice = sanitize(input(usr, "Please enter a new name.") as text|null) if(!raw_choice) return 0 - voice_holder.voice = sanitize(raw_choice) + voice_holder.voice = raw_choice usr << "You are now mimicking [voice_holder.voice]." return 1 diff --git a/code/modules/economy/EFTPOS.dm b/code/modules/economy/EFTPOS.dm index c9f1aa1533..c2561423f4 100644 --- a/code/modules/economy/EFTPOS.dm +++ b/code/modules/economy/EFTPOS.dm @@ -167,7 +167,7 @@ if("change_id") var/attempt_code = text2num(input("Re-enter the current EFTPOS access code", "Confirm EFTPOS code")) if(attempt_code == access_code) - eftpos_name = input("Enter a new terminal ID for this device", "Enter new EFTPOS ID") + " EFTPOS scanner" + eftpos_name = sanitize(input("Enter a new terminal ID for this device", "Enter new EFTPOS ID")) + " EFTPOS scanner" print_reference() else usr << "\icon[src]Incorrect code entered." @@ -182,7 +182,7 @@ else usr << "\icon[src]Account not found." if("trans_purpose") - var/choice = input("Enter reason for EFTPOS transaction", "Transaction purpose") + var/choice = sanitize(input("Enter reason for EFTPOS transaction", "Transaction purpose")) if(choice) transaction_purpose = choice if("trans_value") var/try_num = input("Enter amount for EFTPOS transaction", "Transaction amount") as num diff --git a/code/modules/events/event_manager.dm b/code/modules/events/event_manager.dm index daa913a87c..d04eb6db31 100644 --- a/code/modules/events/event_manager.dm +++ b/code/modules/events/event_manager.dm 
@@ -233,7 +233,7 @@ else if(href_list["back"]) selected_event_container = null else if(href_list["set_name"]) - var/name = input("Enter event name.", "Set Name") as text|null + var/name = sanitize(input("Enter event name.", "Set Name") as text|null) if(name) var/datum/event_meta/EM = locate(href_list["set_name"]) EM.name = name diff --git a/code/modules/mob/living/carbon/human/human.dm b/code/modules/mob/living/carbon/human/human.dm index 3d1304ab55..45e261792c 100644 --- a/code/modules/mob/living/carbon/human/human.dm +++ b/code/modules/mob/living/carbon/human/human.dm @@ -657,17 +657,11 @@ src << browse(null, "window=flavor_changes") return if("general") - var/msg = input(usr,"Update the general description of your character. This will be shown regardless of clothing, and may include OOC notes and preferences.","Flavor Text",html_decode(flavor_texts[href_list["flavor_change"]])) as message - if(msg != null) - msg = copytext(msg, 1, MAX_MESSAGE_LEN) - msg = html_encode(msg) + var/msg = sanitize(input(usr,"Update the general description of your character. This will be shown regardless of clothing, and may include OOC notes and preferences.","Flavor Text",html_decode(flavor_texts[href_list["flavor_change"]])) as message, extra = 0) flavor_texts[href_list["flavor_change"]] = msg return else - var/msg = input(usr,"Update the flavor text for your [href_list["flavor_change"]].","Flavor Text",html_decode(flavor_texts[href_list["flavor_change"]])) as message - if(msg != null) - msg = copytext(msg, 1, MAX_MESSAGE_LEN) - msg = html_encode(msg) + var/msg = sanitize(input(usr,"Update the flavor text for your [href_list["flavor_change"]].","Flavor Text",html_decode(flavor_texts[href_list["flavor_change"]])) as message, extra = 0) flavor_texts[href_list["flavor_change"]] = msg set_flavor() return diff --git a/code/modules/mob/living/silicon/robot/robot.dm b/code/modules/mob/living/silicon/robot/robot.dm index 2c95605574..4c6f47f36f 100644 
--- a/code/modules/mob/living/silicon/robot/robot.dm +++ b/code/modules/mob/living/silicon/robot/robot.dm @@ -430,8 +430,8 @@ spawn(0) var/newname - newname = input(src,"You are a robot. Enter a name, or leave blank for the default name.", "Name change","") as text - if (newname != "") + newname = sanitizeSafe(input(src,"You are a robot. Enter a name, or leave blank for the default name.", "Name change","") as text, MAX_NAME_LEN) + if (newname) custom_name = newname updatename() diff --git a/code/modules/mob/living/silicon/robot/robot_items.dm b/code/modules/mob/living/silicon/robot/robot_items.dm index 33748f056e..0d40f0954a 100644 --- a/code/modules/mob/living/silicon/robot/robot_items.dm +++ b/code/modules/mob/living/silicon/robot/robot_items.dm @@ -124,11 +124,11 @@ /obj/item/weapon/pen/robopen/proc/RenamePaper(mob/user as mob,obj/paper as obj) if ( !user || !paper ) return - var/n_name = input(user, "What would you like to label the paper?", "Paper Labelling", null) as text + var/n_name = sanitizeSafe(input(user, "What would you like to label the paper?", "Paper Labelling", null) as text, 32) if ( !user || !paper ) return - n_name = copytext(n_name, 1, 32) + //n_name = copytext(n_name, 1, 32) if(( get_dist(user,paper) <= 1 && user.stat == 0)) paper.name = "paper[(n_name ? text("- '[n_name]'") : null)]" add_fingerprint(user) diff --git a/code/modules/mob/mob.dm b/code/modules/mob/mob.dm index 98768bfd41..4379db6c17 100644 --- a/code/modules/mob/mob.dm +++ b/code/modules/mob/mob.dm 
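Review bot: In code/modules/mob/living/silicon/robot/robot_items.dm (hunk at 124), the old truncation is left behind as `//n_name = copytext(n_name, 1, 32)` instead of being removed. The limit now lives in the `sanitizeSafe(..., 32)` call, so the commented-out line is dead code and should be deleted. The bare `32` could also become a named constant, since the other name prompts in this patch use `MAX_NAME_LEN`; whether paper labels are meant to share that limit is not visible here.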
@@ -360,12 +360,9 @@ var/list/slot_equipment_priority = list( \ set src in usr if(usr != src) usr << "No." - var/msg = input(usr,"Set the flavor text in your 'examine' verb. Can also be used for OOC notes about your character.","Flavor Text",html_decode(flavor_text)) as message|null + var/msg = sanitize(input(usr,"Set the flavor text in your 'examine' verb. Can also be used for OOC notes about your character.","Flavor Text",html_decode(flavor_text)) as message|null, extra = 0) if(msg != null) - msg = copytext(msg, 1, MAX_MESSAGE_LEN) - msg = html_encode(msg) - flavor_text = msg /mob/proc/warn_flavor_changed() diff --git a/code/modules/reagents/Chemistry-Machinery.dm b/code/modules/reagents/Chemistry-Machinery.dm index c23927cca9..bef45fbb16 100644 --- a/code/modules/reagents/Chemistry-Machinery.dm +++ b/code/modules/reagents/Chemistry-Machinery.dm @@ -178,7 +178,7 @@ var/amount_per_pill = reagents.total_volume/count if (amount_per_pill > 60) amount_per_pill = 60 - var/name = reject_bad_text(input(usr,"Name:","Name your pill!","[reagents.get_master_reagent_name()] ([amount_per_pill] units)")) + var/name = sanitizeSafe(input(usr,"Name:","Name your pill!","[reagents.get_master_reagent_name()] ([amount_per_pill] units)"), MAX_NAME_LEN) if(reagents.total_volume/count < 1) //Sanity checking. return @@ -197,7 +197,7 @@ else if (href_list["createbottle"]) if(!condi) - var/name = reject_bad_text(input(usr,"Name:","Name your bottle!",reagents.get_master_reagent_name())) + var/name = sanitizeSafe(input(usr,"Name:","Name your bottle!",reagents.get_master_reagent_name()), MAX_NAME_LEN) var/obj/item/weapon/reagent_containers/glass/bottle/P = new/obj/item/weapon/reagent_containers/glass/bottle(src.loc) if(!name) name = reagents.get_master_reagent_name() P.name = "[name] bottle" diff --git a/code/modules/reagents/reagent_containers/food/snacks.dm b/code/modules/reagents/reagent_containers/food/snacks.dm index 502a741c6b..5ebb1dc9a3 100644 
--- a/code/modules/reagents/reagent_containers/food/snacks.dm +++ b/code/modules/reagents/reagent_containers/food/snacks.dm @@ -2772,7 +2772,7 @@ if( src.open ) return - var/t = input("Enter what you want to add to the tag:", "Write", null, null) as text + var/t = sanitize(input("Enter what you want to add to the tag:", "Write", null, null) as text, 30) var/obj/item/pizzabox/boxtotagto = src if( boxes.len > 0 ) diff --git a/code/modules/research/xenoarchaeology/chemistry.dm b/code/modules/research/xenoarchaeology/chemistry.dm index f5b718dcf0..eae7b0afc0 100644 --- a/code/modules/research/xenoarchaeology/chemistry.dm +++ b/code/modules/research/xenoarchaeology/chemistry.dm @@ -84,7 +84,7 @@ datum obj/item/weapon/reagent_containers/glass/solution_tray/attackby(obj/item/weapon/W as obj, mob/living/user as mob) if(istype(W, /obj/item/weapon/pen)) - var/new_label = input("What should the new label be?","Label solution tray") + var/new_label = sanitizeSafe(input("What should the new label be?","Label solution tray"), MAX_NAME_LEN) if(new_label) name = "solution tray ([new_label])" user << "\blue You write on the label of the solution tray." diff --git a/code/modules/research/xenoarchaeology/finds/finds_fossils.dm b/code/modules/research/xenoarchaeology/finds/finds_fossils.dm index 57d510015f..80dbf549c0 100644 --- a/code/modules/research/xenoarchaeology/finds/finds_fossils.dm +++ b/code/modules/research/xenoarchaeology/finds/finds_fossils.dm 
@@ -79,7 +79,7 @@ else ..() else if(istype(W,/obj/item/weapon/pen)) - plaque_contents = input("What would you like to write on the plaque:","Skeleton plaque","") + plaque_contents = sanitize(input("What would you like to write on the plaque:","Skeleton plaque","")) user.visible_message("[user] writes something on the base of [src].","You relabel the plaque on the base of \icon[src] [src].") if(src.contents.Find(/obj/item/weapon/fossil/skull/horned)) src.desc = "A creature made of [src.contents.len-1] assorted bones and a horned skull. The plaque reads \'[plaque_contents]\'."