cyberpresidentvanellope/CHOMPStation2
1
0
Fork 0
mirror of https://github.com/CHOMPStation2/CHOMPStation2.git synced 2025-12-10 10:12:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

sanitize() refactor: third pass (misc)

Browse Source
This commit is contained in:
volas
2015-03-25 01:05:21 +03:00
parent f8822626bb
commit 5fee41d4ba
31 changed files with 68 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
code/controllers/voting.dm
View File

@@ -241,10 +241,10 @@ datum/controller/vote
choices.Add(antag.role_text) choices.Add(antag.role_text)
choices.Add("None") choices.Add("None")
if("custom") if("custom")
question = html_encode(input(usr,"What is the vote for?") as text|null) question = sanitizeSafe(input(usr,"What is the vote for?") as text|null)
if(!question) return 0 if(!question) return 0
for(var/i=1,i<=10,i++) for(var/i=1,i<=10,i++)
var/option = capitalize(html_encode(input(usr,"Please enter an option or hit cancel to finish") as text|null)) var/option = capitalize(sanitize(input(usr,"Please enter an option or hit cancel to finish") as text|null))
if(!option || mode || !usr.client) break if(!option || mode || !usr.client) break
choices.Add(option) choices.Add(option)
else else

2
code/datums/diseases/advance/advance.dm
View File

@@ -394,7 +394,7 @@ var/list/advance_cures = list(
if(D.symptoms.len > 0) if(D.symptoms.len > 0)
var/new_name = input(user, "Name your new disease.", "New Name") var/new_name = sanitizeSafe(input(user, "Name your new disease.", "New Name"), MAX_NAME_LEN)
D.AssignName(new_name) D.AssignName(new_name)
D.Refresh() D.Refresh()

4
code/game/machinery/computer/message.dm
View File

@@ -409,7 +409,7 @@
//Select Your Name //Select Your Name
if("Sender") if("Sender")
customsender = input(usr, "Please enter the sender's name.") as text|null customsender = sanitize(input(usr, "Please enter the sender's name.") as text|null)
//Select Receiver //Select Receiver
if("Recepient") if("Recepient")
@@ -425,7 +425,7 @@
//Enter custom job //Enter custom job
if("RecJob") if("RecJob")
customjob = input(usr, "Please enter the sender's job.") as text|null customjob = sanitize(input(usr, "Please enter the sender's job.") as text|null)
//Enter message //Enter message
if("Message") if("Message")

2
code/game/machinery/computer3/computers/medical.dm
View File

@@ -330,7 +330,7 @@
src.active2.fields["cdi_d"] = t1 src.active2.fields["cdi_d"] = t1
if("notes") if("notes")
if (istype(src.active2, /datum/data/record)) if (istype(src.active2, /datum/data/record))
var/t1 = html_encode(trim(copytext(input("Please summarize notes:", "Med. records", html_decode(src.active2.fields["notes"]), null) as message,1,MAX_MESSAGE_LEN))) var/t1 = sanitize(input("Please summarize notes:", "Med. records", html_decode(src.active2.fields["notes"]), null) as message, extra = 0)
if ((!( t1 ) || !( src.authenticated ) || usr.stat || usr.restrained() || (!interactable() && (!istype(usr, /mob/living/silicon))) || src.active2 != a2)) if ((!( t1 ) || !( src.authenticated ) || usr.stat || usr.restrained() || (!interactable() && (!istype(usr, /mob/living/silicon))) || src.active2 != a2))
return return
src.active2.fields["notes"] = t1 src.active2.fields["notes"] = t1

2
code/game/machinery/computer3/computers/security.dm
View File

@@ -498,7 +498,7 @@ What a mess.*/
active2.fields["ma_crim_d"] = t1 active2.fields["ma_crim_d"] = t1
if("notes") if("notes")
if (istype(active2, /datum/data/record)) if (istype(active2, /datum/data/record))
var/t1 = html_encode(trim(copytext(input("Please summarize notes:", "Secure. records", html_decode(active2.fields["notes"]), null) as message,1,MAX_MESSAGE_LEN))) var/t1 = sanitize(input("Please summarize notes:", "Secure. records", html_decode(active2.fields["notes"]), null) as message, extra = 0)
if ((!( t1 ) || !( authenticated ) || usr.stat || usr.restrained() || (!interactable() && (!istype(usr, /mob/living/silicon))) || active2 != a2)) if ((!( t1 ) || !( authenticated ) || usr.stat || usr.restrained() || (!interactable() && (!istype(usr, /mob/living/silicon))) || active2 != a2))
return return
active2.fields["notes"] = t1 active2.fields["notes"] = t1

4
code/game/machinery/requests_console.dm
View File

@@ -223,7 +223,7 @@ var/list/obj/machinery/requests_console/allConsoles = list()
if(reject_bad_text(href_list["write"])) if(reject_bad_text(href_list["write"]))
dpt = ckey(href_list["write"]) //write contains the string of the receiving department's name dpt = ckey(href_list["write"]) //write contains the string of the receiving department's name
var/new_message = copytext(reject_bad_text(input(usr, "Write your message:", "Awaiting Input", "")),1,MAX_MESSAGE_LEN) var/new_message = sanitize(input("Write your message:", "Awaiting Input", ""))
if(new_message) if(new_message)
message = new_message message = new_message
screen = 9 screen = 9
@@ -238,7 +238,7 @@ var/list/obj/machinery/requests_console/allConsoles = list()
priority = -1 priority = -1
if(href_list["writeAnnouncement"]) if(href_list["writeAnnouncement"])
var/new_message = copytext(reject_bad_text(input(usr, "Write your message:", "Awaiting Input", "")),1,MAX_MESSAGE_LEN) var/new_message = sanitize(input("Write your message:", "Awaiting Input", ""))
if(new_message) if(new_message)
message = new_message message = new_message
switch(href_list["priority"]) switch(href_list["priority"])

2
code/game/response_team.dm
View File

@@ -53,7 +53,7 @@ client/verb/JoinResponseTeam()
for (var/obj/effect/landmark/L in landmarks_list) if (L.name == "Commando") for (var/obj/effect/landmark/L in landmarks_list) if (L.name == "Commando")
L.name = null//Reserving the place. L.name = null//Reserving the place.
var/new_name = input(usr, "Pick a name","Name") as null|text var/new_name = sanitizeSafe(input(usr, "Pick a name","Name") as null|text, MAX_NAME_LEN)
if(!new_name)//Somebody changed his mind, place is available again. if(!new_name)//Somebody changed his mind, place is available again.
L.name = "Commando" L.name = "Commando"
return return

2
code/modules/admin/DB ban/functions.dm
View File

@@ -181,7 +181,7 @@ datum/admins/proc/DB_ban_edit(var/banid = null, var/param = null)
switch(param) switch(param)
if("reason") if("reason")
if(!value) if(!value)
value = input("Insert the new reason for [pckey]'s ban", "New Reason", "[reason]", null) as null|text value = sanitize(input("Insert the new reason for [pckey]'s ban", "New Reason", "[reason]", null) as null|text)
value = sql_sanitize_text(value) value = sql_sanitize_text(value)
if(!value) if(!value)
usr << "Cancelled" usr << "Cancelled"

2
code/modules/admin/admin.dm
View File

@@ -725,7 +725,7 @@ var/global/floorIsLava = 0
set desc="Announce your desires to the world" set desc="Announce your desires to the world"
if(!check_rights(0)) return if(!check_rights(0)) return
var/message = input("Global message to send:", "Admin Announce", null, null) as message var/message = input("Global message to send:", "Admin Announce", null, null) as message//todo: sanitize for all?
if(message) if(message)
if(!check_rights(R_SERVER,0)) if(!check_rights(R_SERVER,0))
message = sanitize(message, 500, extra = 0) message = sanitize(message, 500, extra = 0)

2
code/modules/admin/admin_memo.dm
View File

@@ -16,7 +16,7 @@
/client/proc/admin_memo_write() /client/proc/admin_memo_write()
var/savefile/F = new(MEMOFILE) var/savefile/F = new(MEMOFILE)
if(F) if(F)
var/memo = input(src,"Type your memo\n(Leaving it blank will delete your current memo):","Write Memo",null) as null|message var/memo = sanitize(input(src,"Type your memo\n(Leaving it blank will delete your current memo):","Write Memo",null) as null|message, extra = 0)
switch(memo) switch(memo)
if(null) if(null)
return return

2
code/modules/admin/admin_verbs.dm
View File

@@ -616,7 +616,7 @@ var/list/admin_verbs_mentor = list(
set name = "Make Sound" set name = "Make Sound"
set desc = "Display a message to everyone who can hear the target" set desc = "Display a message to everyone who can hear the target"
if(O) if(O)
var/message = input("What do you want the message to be?", "Make Sound") as text|null var/message = sanitize(input("What do you want the message to be?", "Make Sound") as text|null)
if(!message) if(!message)
return return
for (var/mob/V in hearers(O)) for (var/mob/V in hearers(O))

21
code/modules/admin/topic.dm
View File

@@ -328,12 +328,12 @@
mins = min(525599,mins) mins = min(525599,mins)
minutes = CMinutes + mins minutes = CMinutes + mins
duration = GetExp(minutes) duration = GetExp(minutes)
reason = input(usr,"Reason?","reason",reason2) as text|null reason = sanitize(input(usr,"Reason?","reason",reason2) as text|null)
if(!reason) return if(!reason) return
if("No") if("No")
temp = 0 temp = 0
duration = "Perma" duration = "Perma"
reason = input(usr,"Reason?","reason",reason2) as text|null reason = sanitize(input(usr,"Reason?","reason",reason2) as text|null)
if(!reason) return if(!reason) return
log_admin("[key_name(usr)] edited [banned_key]'s ban. Reason: [reason] Duration: [duration]") log_admin("[key_name(usr)] edited [banned_key]'s ban. Reason: [reason] Duration: [duration]")
@@ -655,7 +655,7 @@
var/mins = input(usr,"How long (in minutes)?","Ban time",1440) as num|null var/mins = input(usr,"How long (in minutes)?","Ban time",1440) as num|null
if(!mins) if(!mins)
return return
var/reason = input(usr,"Reason?","Please State Reason","") as text|null var/reason = sanitize(input(usr,"Reason?","Please State Reason","") as text|null)
if(!reason) if(!reason)
return return
@@ -680,7 +680,7 @@
return 1 return 1
if("No") if("No")
if(!check_rights(R_BAN)) return if(!check_rights(R_BAN)) return
var/reason = input(usr,"Reason?","Please State Reason","") as text|null var/reason = sanitize(input(usr,"Reason?","Please State Reason","") as text|null)
if(reason) if(reason)
var/msg var/msg
for(var/job in notbannedlist) for(var/job in notbannedlist)
@@ -737,7 +737,7 @@
if (ismob(M)) if (ismob(M))
if(!check_if_greater_rights_than(M.client)) if(!check_if_greater_rights_than(M.client))
return return
var/reason = input("Please enter reason") var/reason = sanitize(input("Please enter reason"))
if(!reason) if(!reason)
M << "\red You have been kicked from the server" M << "\red You have been kicked from the server"
else else
@@ -794,7 +794,7 @@
if(!mins) if(!mins)
return return
if(mins >= 525600) mins = 525599 if(mins >= 525600) mins = 525599
var/reason = input(usr,"Reason?","reason","Griefer") as text|null var/reason = sanitize(input(usr,"Reason?","reason","Griefer") as text|null)
if(!reason) if(!reason)
return return
AddBan(M.ckey, M.computer_id, reason, usr.ckey, 1, mins) AddBan(M.ckey, M.computer_id, reason, usr.ckey, 1, mins)
@@ -815,7 +815,7 @@
//del(M) // See no reason why to delete mob. Important stuff can be lost. And ban can be lifted before round ends. //del(M) // See no reason why to delete mob. Important stuff can be lost. And ban can be lifted before round ends.
if("No") if("No")
if(!check_rights(R_BAN)) return if(!check_rights(R_BAN)) return
var/reason = input(usr,"Reason?","reason","Griefer") as text|null var/reason = sanitize(input(usr,"Reason?","reason","Griefer") as text|null)
if(!reason) if(!reason)
return return
switch(alert(usr,"IP ban?",,"Yes","No","Cancel")) switch(alert(usr,"IP ban?",,"Yes","No","Cancel"))
@@ -1379,7 +1379,7 @@
usr << "The person you are trying to contact is not wearing a headset" usr << "The person you are trying to contact is not wearing a headset"
return return
var/input = input(src.owner, "Please enter a message to reply to [key_name(H)] via their headset.","Outgoing message from Centcomm", "") var/input = sanitize(input(src.owner, "Please enter a message to reply to [key_name(H)] via their headset.","Outgoing message from Centcomm", ""))
if(!input) return if(!input) return
src.owner << "You sent [input] to [H] via a secure channel." src.owner << "You sent [input] to [H] via a secure channel."
@@ -1396,7 +1396,7 @@
usr << "The person you are trying to contact is not wearing a headset" usr << "The person you are trying to contact is not wearing a headset"
return return
var/input = input(src.owner, "Please enter a message to reply to [key_name(H)] via their headset.","Outgoing message from a shadowy figure...", "") var/input = sanitize(input(src.owner, "Please enter a message to reply to [key_name(H)] via their headset.","Outgoing message from a shadowy figure...", ""))
if(!input) return if(!input) return
src.owner << "You sent [input] to [H] via a secure channel." src.owner << "You sent [input] to [H] via a secure channel."
@@ -1443,6 +1443,7 @@
var/mob/sender = locate(href_list["CentcommFaxReply"]) var/mob/sender = locate(href_list["CentcommFaxReply"])
var/obj/machinery/photocopier/faxmachine/fax = locate(href_list["originfax"]) var/obj/machinery/photocopier/faxmachine/fax = locate(href_list["originfax"])
//todo: sanitize
var/input = input(src.owner, "Please enter a message to reply to [key_name(sender)] via secure connection. NOTE: BBCode does not work, but HTML tags do! Use <br> for line breaks.", "Outgoing message from Centcomm", "") as message|null var/input = input(src.owner, "Please enter a message to reply to [key_name(sender)] via secure connection. NOTE: BBCode does not work, but HTML tags do! Use <br> for line breaks.", "Outgoing message from Centcomm", "") as message|null
if(!input) return if(!input) return
@@ -2652,7 +2653,7 @@
if(href_list["add_player_info"]) if(href_list["add_player_info"])
var/key = href_list["add_player_info"] var/key = href_list["add_player_info"]
var/add = input("Add Player Info") as null|text var/add = sanitize(input("Add Player Info") as null|text)
if(!add) return if(!add) return
notes_add(key,add,usr) notes_add(key,add,usr)

3
code/modules/admin/verbs/adminpm.dm
View File

@@ -60,6 +60,7 @@
return return
//clean the message if it's not sent by a high-rank admin //clean the message if it's not sent by a high-rank admin
//todo: sanitize for all???
if(!check_rights(R_SERVER|R_DEBUG,0)) if(!check_rights(R_SERVER|R_DEBUG,0))
msg = sanitize(msg) msg = sanitize(msg)
if(!msg) return if(!msg) return
@@ -91,7 +92,7 @@
spawn(0) //so we don't hold the caller proc up spawn(0) //so we don't hold the caller proc up
var/sender = src var/sender = src
var/sendername = key var/sendername = key
var/reply = input(C, msg,"[recieve_pm_type] PM from [sendername]", "") as text|null //show message and await a reply var/reply = sanitize(input(C, msg,"[recieve_pm_type] PM from [sendername]", "") as text|null) //show message and await a reply
if(C && reply) if(C && reply)
if(sender) if(sender)
C.cmd_admin_pm(sender,reply) //sender is still about, let's reply to them C.cmd_admin_pm(sender,reply) //sender is still about, let's reply to them

6
code/modules/admin/verbs/custom_event.dm
View File

@@ -7,7 +7,7 @@
src << "Only administrators may use this command." src << "Only administrators may use this command."
return return
var/input = input(usr, "Enter the description of the custom event. Be descriptive. To cancel the event, make this blank or hit cancel.", "Custom Event", custom_event_msg) as message|null var/input = sanitize(input(usr, "Enter the description of the custom event. Be descriptive. To cancel the event, make this blank or hit cancel.", "Custom Event", custom_event_msg) as message|null, MAX_BOOK_MESSAGE_LEN, extra = 0)
if(!input || input == "") if(!input || input == "")
custom_event_msg = null custom_event_msg = null
log_admin("[usr.key] has cleared the custom event text.") log_admin("[usr.key] has cleared the custom event text.")
@@ -21,7 +21,7 @@
world << "<h1 class='alert'>Custom Event</h1>" world << "<h1 class='alert'>Custom Event</h1>"
world << "<h2 class='alert'>A custom event is starting. OOC Info:</h2>" world << "<h2 class='alert'>A custom event is starting. OOC Info:</h2>"
world << "<span class='alert'>[html_encode(custom_event_msg)]</span>" world << "<span class='alert'>[custom_event_msg]</span>"
world << "<br>" world << "<br>"
// normal verb for players to view info // normal verb for players to view info
@@ -36,5 +36,5 @@
src << "<h1 class='alert'>Custom Event</h1>" src << "<h1 class='alert'>Custom Event</h1>"
src << "<h2 class='alert'>A custom event is taking place. OOC Info:</h2>" src << "<h2 class='alert'>A custom event is taking place. OOC Info:</h2>"
src << "<span class='alert'>[html_encode(custom_event_msg)]</span>" src << "<span class='alert'>[custom_event_msg]</span>"
src << "<br>" src << "<br>"

2
code/modules/admin/verbs/debug.dm
View File

@@ -205,7 +205,7 @@ But you can call procs that are of type /mob/living/carbon/human/proc/ for that
return 0 return 0
var/obj/item/device/paicard/card = new(T) var/obj/item/device/paicard/card = new(T)
var/mob/living/silicon/pai/pai = new(card) var/mob/living/silicon/pai/pai = new(card)
pai.name = input(choice, "Enter your pAI name:", "pAI Name", "Personal AI") as text pai.name = sanitizeSafe(input(choice, "Enter your pAI name:", "pAI Name", "Personal AI") as text)
pai.real_name = pai.name pai.real_name = pai.name
pai.key = choice.key pai.key = choice.key
card.setPersonality(pai) card.setPersonality(pai)

2
code/modules/admin/verbs/massmodvar.dm
View File

@@ -168,7 +168,7 @@
return .(O.vars[variable]) return .(O.vars[variable])
if("text") if("text")
var/new_value = input("Enter new text:","Text",O.vars[variable]) as text|null var/new_value = input("Enter new text:","Text",O.vars[variable]) as text|null//todo: sanitize ???
if(new_value == null) return if(new_value == null) return
O.vars[variable] = new_value O.vars[variable] = new_value

8
code/modules/admin/verbs/modifyvariables.dm
View File

@@ -44,7 +44,7 @@ var/list/forbidden_varedit_object_types = list(
switch(class) switch(class)
if("text") if("text")
var_value = input("Enter new text:","Text") as null|text var_value = input("Enter new text:","Text") as null|text//todo: sanitize ???
if("num") if("num")
var_value = input("Enter new number:","Num") as null|num var_value = input("Enter new number:","Num") as null|num
@@ -93,7 +93,7 @@ var/list/forbidden_varedit_object_types = list(
switch(class) switch(class)
if("text") if("text")
var_value = input("Enter new text:","Text") as text var_value = input("Enter new text:","Text") as text//todo: sanitize ???
if("num") if("num")
var_value = input("Enter new number:","Num") as num var_value = input("Enter new number:","Num") as num
@@ -243,7 +243,7 @@ var/list/forbidden_varedit_object_types = list(
return return
if("text") if("text")
L[L.Find(variable)] = input("Enter new text:","Text") as text L[L.Find(variable)] = input("Enter new text:","Text") as text//todo: sanitize ???
if("num") if("num")
L[L.Find(variable)] = input("Enter new number:","Num") as num L[L.Find(variable)] = input("Enter new number:","Num") as num
@@ -450,7 +450,7 @@ var/list/forbidden_varedit_object_types = list(
return .(O.vars[variable]) return .(O.vars[variable])
if("text") if("text")
var/var_new = input("Enter new text:","Text",O.vars[variable]) as null|text var/var_new = input("Enter new text:","Text",O.vars[variable]) as null|text//todo: sanitize ???
if(var_new==null) return if(var_new==null) return
O.vars[variable] = var_new O.vars[variable] = var_new

12
code/modules/admin/verbs/randomverbs.dm
View File

@@ -52,7 +52,7 @@
src << "Only administrators may use this command." src << "Only administrators may use this command."
return return
var/msg = input("Message:", text("Subtle PM to [M.key]")) as text var/msg = sanitize(input("Message:", text("Subtle PM to [M.key]")) as text)
if (!msg) if (!msg)
return return
@@ -109,7 +109,7 @@
src << "Only administrators may use this command." src << "Only administrators may use this command."
return return
var/msg = input("Message:", text("Enter the text you wish to appear to everyone:")) as text var/msg = sanitize(input("Message:", text("Enter the text you wish to appear to everyone:")) as text)
if (!msg) if (!msg)
return return
@@ -132,7 +132,7 @@
if(!M) if(!M)
return return
var/msg = input("Message:", text("Enter the text you wish to appear to your target:")) as text var/msg = sanitize(input("Message:", text("Enter the text you wish to appear to your target:")) as text)
if( !msg ) if( !msg )
return return
@@ -475,7 +475,7 @@ Traitors and the like can also be revived with the previous role mostly intact.
if(!holder) if(!holder)
src << "Only administrators may use this command." src << "Only administrators may use this command."
return return
var/input = input(usr, "Please enter anything you want the AI to do. Anything. Serious.", "What?", "") as text|null var/input = sanitize(input(usr, "Please enter anything you want the AI to do. Anything. Serious.", "What?", "") as text|null)
if(!input) if(!input)
return return
for(var/mob/living/silicon/ai/M in mob_list) for(var/mob/living/silicon/ai/M in mob_list)
@@ -523,8 +523,8 @@ Traitors and the like can also be revived with the previous role mostly intact.
if(!holder) if(!holder)
src << "Only administrators may use this command." src << "Only administrators may use this command."
return return
var/input = input(usr, "Please enter anything you want. Anything. Serious.", "What?", "") as message|null var/input = sanitize(input(usr, "Please enter anything you want. Anything. Serious.", "What?", "") as message|null, extra = 0)
var/customname = input(usr, "Pick a title for the report.", "Title") as text|null var/customname = sanitizeSafe(input(usr, "Pick a title for the report.", "Title") as text|null)
if(!input) if(!input)
return return
if(!customname) if(!customname)

2
code/modules/client/client procs.dm
View File

@@ -145,7 +145,7 @@
if(custom_event_msg && custom_event_msg != "") if(custom_event_msg && custom_event_msg != "")
src << "<h1 class='alert'>Custom Event</h1>" src << "<h1 class='alert'>Custom Event</h1>"
src << "<h2 class='alert'>A custom event is taking place. OOC Info:</h2>" src << "<h2 class='alert'>A custom event is taking place. OOC Info:</h2>"
src << "<span class='alert'>[html_encode(custom_event_msg)]</span>" src << "<span class='alert'>[custom_event_msg]</span>"
src << "<br>" src << "<br>"
if( (world.address == address || !address) && !host ) if( (world.address == address || !address) && !host )

44
code/modules/client/preferences.dm
View File

@@ -995,16 +995,10 @@ datum/preferences
ShowChoices(user) ShowChoices(user)
return return
if("general") if("general")
var/msg = input(usr,"Give a general description of your character. This will be shown regardless of clothing, and may include OOC notes and preferences.","Flavor Text",html_decode(flavor_texts[href_list["task"]])) as message var/msg = sanitize(input(usr,"Give a general description of your character. This will be shown regardless of clothing, and may include OOC notes and preferences.","Flavor Text",html_decode(flavor_texts[href_list["task"]])) as message, extra = 0)
if(msg != null)
msg = copytext(msg, 1, MAX_MESSAGE_LEN)
msg = html_encode(msg)
flavor_texts[href_list["task"]] = msg flavor_texts[href_list["task"]] = msg
else else
var/msg = input(usr,"Set the flavor text for your [href_list["task"]].","Flavor Text",html_decode(flavor_texts[href_list["task"]])) as message var/msg = sanitize(input(usr,"Set the flavor text for your [href_list["task"]].","Flavor Text",html_decode(flavor_texts[href_list["task"]])) as message, extra = 0)
if(msg != null)
msg = copytext(msg, 1, MAX_MESSAGE_LEN)
msg = html_encode(msg)
flavor_texts[href_list["task"]] = msg flavor_texts[href_list["task"]] = msg
SetFlavorText(user) SetFlavorText(user)
return return
@@ -1019,16 +1013,10 @@ datum/preferences
ShowChoices(user) ShowChoices(user)
return return
if("Default") if("Default")
var/msg = input(usr,"Set the default flavour text for your robot. It will be used for any module without individual setting.","Flavour Text",html_decode(flavour_texts_robot["Default"])) as message var/msg = sanitize(input(usr,"Set the default flavour text for your robot. It will be used for any module without individual setting.","Flavour Text",html_decode(flavour_texts_robot["Default"])) as message, extra = 0)
if(msg != null)
msg = copytext(msg, 1, MAX_MESSAGE_LEN)
msg = html_encode(msg)
flavour_texts_robot[href_list["task"]] = msg flavour_texts_robot[href_list["task"]] = msg
else else
var/msg = input(usr,"Set the flavour text for your robot with [href_list["task"]] module. If you leave this empty, default flavour text will be used for this module.","Flavour Text",html_decode(flavour_texts_robot[href_list["task"]])) as message var/msg = sanitize(input(usr,"Set the flavour text for your robot with [href_list["task"]] module. If you leave this empty, default flavour text will be used for this module.","Flavour Text",html_decode(flavour_texts_robot[href_list["task"]])) as message, extra = 0)
if(msg != null)
msg = copytext(msg, 1, MAX_MESSAGE_LEN)
msg = html_encode(msg)
flavour_texts_robot[href_list["task"]] = msg flavour_texts_robot[href_list["task"]] = msg
SetFlavourTextRobot(user) SetFlavourTextRobot(user)
return return
@@ -1044,41 +1032,25 @@ datum/preferences
else else
user << browse(null, "window=records") user << browse(null, "window=records")
if(href_list["task"] == "med_record") if(href_list["task"] == "med_record")
var/medmsg = input(usr,"Set your medical notes here.","Medical Records",html_decode(med_record)) as message var/medmsg = sanitize(input(usr,"Set your medical notes here.","Medical Records",html_decode(med_record)) as message, MAX_PAPER_MESSAGE_LEN, extra = 0)
if(medmsg != null) if(medmsg != null)
medmsg = copytext(medmsg, 1, MAX_PAPER_MESSAGE_LEN)
medmsg = html_encode(medmsg)
med_record = medmsg med_record = medmsg
SetRecords(user) SetRecords(user)
if(href_list["task"] == "sec_record") if(href_list["task"] == "sec_record")
var/secmsg = input(usr,"Set your security notes here.","Security Records",html_decode(sec_record)) as message var/secmsg = sanitize(input(usr,"Set your security notes here.","Security Records",html_decode(sec_record)) as message, MAX_PAPER_MESSAGE_LEN, extra = 0)
if(secmsg != null) if(secmsg != null)
secmsg = copytext(secmsg, 1, MAX_PAPER_MESSAGE_LEN)
secmsg = html_encode(secmsg)
sec_record = secmsg sec_record = secmsg
SetRecords(user) SetRecords(user)
if(href_list["task"] == "gen_record") if(href_list["task"] == "gen_record")
var/genmsg = input(usr,"Set your employment notes here.","Employment Records",html_decode(gen_record)) as message var/genmsg = sanitize(input(usr,"Set your employment notes here.","Employment Records",html_decode(gen_record)) as message, MAX_PAPER_MESSAGE_LEN, extra = 0)
if(genmsg != null) if(genmsg != null)
genmsg = copytext(genmsg, 1, MAX_PAPER_MESSAGE_LEN)
genmsg = html_encode(genmsg)
gen_record = genmsg gen_record = genmsg
SetRecords(user) SetRecords(user)
if(href_list["task"] == "exploitable_record") if(href_list["task"] == "exploitable_record")
var/exploitmsg = input(usr,"Set exploitable information about you here.","Exploitable Information",html_decode(exploit_record)) as message var/exploitmsg = sanitize(input(usr,"Set exploitable information about you here.","Exploitable Information",html_decode(exploit_record)) as message, MAX_PAPER_MESSAGE_LEN, extra = 0)
if(exploitmsg != null) if(exploitmsg != null)
exploitmsg = copytext(exploitmsg, 1, MAX_PAPER_MESSAGE_LEN)
exploitmsg = html_encode(exploitmsg)
exploit_record = exploitmsg exploit_record = exploitmsg
SetAntagoptions(user) SetAntagoptions(user)

4
code/modules/clothing/spacesuits/rig/modules/utility.dm
View File

@@ -280,10 +280,10 @@
voice_holder.active = 0 voice_holder.active = 0
usr << "<font color='blue'>You disable the speech synthesiser.</font>" usr << "<font color='blue'>You disable the speech synthesiser.</font>"
if("Set Name") if("Set Name")
var/raw_choice = input(usr, "Please enter a new name.") as text|null var/raw_choice = sanitize(input(usr, "Please enter a new name.") as text|null)
if(!raw_choice) if(!raw_choice)
return 0 return 0
voice_holder.voice = sanitize(raw_choice) voice_holder.voice = raw_choice
usr << "<font color='blue'>You are now mimicking <B>[voice_holder.voice]</B>.</font>" usr << "<font color='blue'>You are now mimicking <B>[voice_holder.voice]</B>.</font>"
return 1 return 1

4
code/modules/economy/EFTPOS.dm
View File

@@ -167,7 +167,7 @@
if("change_id") if("change_id")
var/attempt_code = text2num(input("Re-enter the current EFTPOS access code", "Confirm EFTPOS code")) var/attempt_code = text2num(input("Re-enter the current EFTPOS access code", "Confirm EFTPOS code"))
if(attempt_code == access_code) if(attempt_code == access_code)
eftpos_name = input("Enter a new terminal ID for this device", "Enter new EFTPOS ID") + " EFTPOS scanner" eftpos_name = sanitize(input("Enter a new terminal ID for this device", "Enter new EFTPOS ID")) + " EFTPOS scanner"
print_reference() print_reference()
else else
usr << "\icon[src]<span class='warning'>Incorrect code entered.</span>" usr << "\icon[src]<span class='warning'>Incorrect code entered.</span>"
@@ -182,7 +182,7 @@
else else
usr << "\icon[src]<span class='warning'>Account not found.</span>" usr << "\icon[src]<span class='warning'>Account not found.</span>"
if("trans_purpose") if("trans_purpose")
var/choice = input("Enter reason for EFTPOS transaction", "Transaction purpose") var/choice = sanitize(input("Enter reason for EFTPOS transaction", "Transaction purpose"))
if(choice) transaction_purpose = choice if(choice) transaction_purpose = choice
if("trans_value") if("trans_value")
var/try_num = input("Enter amount for EFTPOS transaction", "Transaction amount") as num var/try_num = input("Enter amount for EFTPOS transaction", "Transaction amount") as num

2
code/modules/events/event_manager.dm
View File

@@ -233,7 +233,7 @@
else if(href_list["back"]) else if(href_list["back"])
selected_event_container = null selected_event_container = null
else if(href_list["set_name"]) else if(href_list["set_name"])
var/name = input("Enter event name.", "Set Name") as text|null var/name = sanitize(input("Enter event name.", "Set Name") as text|null)
if(name) if(name)
var/datum/event_meta/EM = locate(href_list["set_name"]) var/datum/event_meta/EM = locate(href_list["set_name"])
EM.name = name EM.name = name

10
code/modules/mob/living/carbon/human/human.dm
View File

@@ -657,17 +657,11 @@
src << browse(null, "window=flavor_changes") src << browse(null, "window=flavor_changes")
return return
if("general") if("general")
var/msg = input(usr,"Update the general description of your character. This will be shown regardless of clothing, and may include OOC notes and preferences.","Flavor Text",html_decode(flavor_texts[href_list["flavor_change"]])) as message var/msg = sanitize(input(usr,"Update the general description of your character. This will be shown regardless of clothing, and may include OOC notes and preferences.","Flavor Text",html_decode(flavor_texts[href_list["flavor_change"]])) as message, extra = 0)
if(msg != null)
msg = copytext(msg, 1, MAX_MESSAGE_LEN)
msg = html_encode(msg)
flavor_texts[href_list["flavor_change"]] = msg flavor_texts[href_list["flavor_change"]] = msg
return return
else else
var/msg = input(usr,"Update the flavor text for your [href_list["flavor_change"]].","Flavor Text",html_decode(flavor_texts[href_list["flavor_change"]])) as message var/msg = sanitize(input(usr,"Update the flavor text for your [href_list["flavor_change"]].","Flavor Text",html_decode(flavor_texts[href_list["flavor_change"]])) as message, extra = 0)
if(msg != null)
msg = copytext(msg, 1, MAX_MESSAGE_LEN)
msg = html_encode(msg)
flavor_texts[href_list["flavor_change"]] = msg flavor_texts[href_list["flavor_change"]] = msg
set_flavor() set_flavor()
return return

4
code/modules/mob/living/silicon/robot/robot.dm
View File

@@ -430,8 +430,8 @@
spawn(0) spawn(0)
var/newname var/newname
newname = input(src,"You are a robot. Enter a name, or leave blank for the default name.", "Name change","") as text newname = sanitizeSafe(input(src,"You are a robot. Enter a name, or leave blank for the default name.", "Name change","") as text, MAX_NAME_LEN)
if (newname != "") if (newname)
custom_name = newname custom_name = newname
updatename() updatename()

4
code/modules/mob/living/silicon/robot/robot_items.dm
View File

@@ -124,11 +124,11 @@
/obj/item/weapon/pen/robopen/proc/RenamePaper(mob/user as mob,obj/paper as obj) /obj/item/weapon/pen/robopen/proc/RenamePaper(mob/user as mob,obj/paper as obj)
if ( !user || !paper ) if ( !user || !paper )
return return
var/n_name = input(user, "What would you like to label the paper?", "Paper Labelling", null) as text var/n_name = sanitizeSafe(input(user, "What would you like to label the paper?", "Paper Labelling", null) as text, 32)
if ( !user || !paper ) if ( !user || !paper )
return return
n_name = copytext(n_name, 1, 32) //n_name = copytext(n_name, 1, 32)
if(( get_dist(user,paper) <= 1 && user.stat == 0)) if(( get_dist(user,paper) <= 1 && user.stat == 0))
paper.name = "paper[(n_name ? text("- '[n_name]'") : null)]" paper.name = "paper[(n_name ? text("- '[n_name]'") : null)]"
add_fingerprint(user) add_fingerprint(user)

5
code/modules/mob/mob.dm
View File

@@ -360,12 +360,9 @@ var/list/slot_equipment_priority = list( \
set src in usr set src in usr
if(usr != src) if(usr != src)
usr << "No." usr << "No."
var/msg = input(usr,"Set the flavor text in your 'examine' verb. Can also be used for OOC notes about your character.","Flavor Text",html_decode(flavor_text)) as message|null var/msg = sanitize(input(usr,"Set the flavor text in your 'examine' verb. Can also be used for OOC notes about your character.","Flavor Text",html_decode(flavor_text)) as message|null, extra = 0)
if(msg != null) if(msg != null)
msg = copytext(msg, 1, MAX_MESSAGE_LEN)
msg = html_encode(msg)
flavor_text = msg flavor_text = msg
/mob/proc/warn_flavor_changed() /mob/proc/warn_flavor_changed()

4
code/modules/reagents/Chemistry-Machinery.dm
View File

@@ -178,7 +178,7 @@
var/amount_per_pill = reagents.total_volume/count var/amount_per_pill = reagents.total_volume/count
if (amount_per_pill > 60) amount_per_pill = 60 if (amount_per_pill > 60) amount_per_pill = 60
var/name = reject_bad_text(input(usr,"Name:","Name your pill!","[reagents.get_master_reagent_name()] ([amount_per_pill] units)")) var/name = sanitizeSafe(input(usr,"Name:","Name your pill!","[reagents.get_master_reagent_name()] ([amount_per_pill] units)"), MAX_NAME_LEN)
if(reagents.total_volume/count < 1) //Sanity checking. if(reagents.total_volume/count < 1) //Sanity checking.
return return
@@ -197,7 +197,7 @@
else if (href_list["createbottle"]) else if (href_list["createbottle"])
if(!condi) if(!condi)
var/name = reject_bad_text(input(usr,"Name:","Name your bottle!",reagents.get_master_reagent_name())) var/name = sanitizeSafe(input(usr,"Name:","Name your bottle!",reagents.get_master_reagent_name()), MAX_NAME_LEN)
var/obj/item/weapon/reagent_containers/glass/bottle/P = new/obj/item/weapon/reagent_containers/glass/bottle(src.loc) var/obj/item/weapon/reagent_containers/glass/bottle/P = new/obj/item/weapon/reagent_containers/glass/bottle(src.loc)
if(!name) name = reagents.get_master_reagent_name() if(!name) name = reagents.get_master_reagent_name()
P.name = "[name] bottle" P.name = "[name] bottle"

2
code/modules/reagents/reagent_containers/food/snacks.dm
View File

@@ -2772,7 +2772,7 @@
if( src.open ) if( src.open )
return return
var/t = input("Enter what you want to add to the tag:", "Write", null, null) as text var/t = sanitize(input("Enter what you want to add to the tag:", "Write", null, null) as text, 30)
var/obj/item/pizzabox/boxtotagto = src var/obj/item/pizzabox/boxtotagto = src
if( boxes.len > 0 ) if( boxes.len > 0 )

2
code/modules/research/xenoarchaeology/chemistry.dm
View File

@@ -84,7 +84,7 @@ datum
obj/item/weapon/reagent_containers/glass/solution_tray/attackby(obj/item/weapon/W as obj, mob/living/user as mob) obj/item/weapon/reagent_containers/glass/solution_tray/attackby(obj/item/weapon/W as obj, mob/living/user as mob)
if(istype(W, /obj/item/weapon/pen)) if(istype(W, /obj/item/weapon/pen))
var/new_label = input("What should the new label be?","Label solution tray") var/new_label = sanitizeSafe(input("What should the new label be?","Label solution tray"), MAX_NAME_LEN)
if(new_label) if(new_label)
name = "solution tray ([new_label])" name = "solution tray ([new_label])"
user << "\blue You write on the label of the solution tray." user << "\blue You write on the label of the solution tray."

2
code/modules/research/xenoarchaeology/finds/finds_fossils.dm
View File

@@ -79,7 +79,7 @@
else else
..() ..()
else if(istype(W,/obj/item/weapon/pen)) else if(istype(W,/obj/item/weapon/pen))
plaque_contents = input("What would you like to write on the plaque:","Skeleton plaque","") plaque_contents = sanitize(input("What would you like to write on the plaque:","Skeleton plaque",""))
user.visible_message("[user] writes something on the base of [src].","You relabel the plaque on the base of \icon[src] [src].") user.visible_message("[user] writes something on the base of [src].","You relabel the plaque on the base of \icon[src] [src].")
if(src.contents.Find(/obj/item/weapon/fossil/skull/horned)) if(src.contents.Find(/obj/item/weapon/fossil/skull/horned))
src.desc = "A creature made of [src.contents.len-1] assorted bones and a horned skull. The plaque reads \'[plaque_contents]\'." src.desc = "A creature made of [src.contents.len-1] assorted bones and a horned skull. The plaque reads \'[plaque_contents]\'."