Merge resolution, master into dev.

2025-12-11 10:43:20 +00:00 · 2014-08-21 12:01:38 +09:30
parent 0397ce5f1a ec791bd81c
commit b47d91b612
680 changed files with 3896 additions and 3904 deletions
--- a/code/__HELPERS/text.dm
+++ b/code/__HELPERS/text.dm
@@ -15,9 +15,8 @@

 // Run all strings to be used in an SQL query through this proc first to properly escape out injection attempts.
 /proc/sanitizeSQL(var/t as text)
-	var/sanitized_text = replacetext(t, "'", "\\'")
-	sanitized_text = replacetext(sanitized_text, "\"", "\\\"")
-	return sanitized_text
+	var/sqltext = dbcon.Quote(t);
+	return copytext(sqltext, 2, lentext(sqltext)-1);//Quote() adds quotes around input, we already do that

 /*
 * Text sanitization
@@ -314,4 +313,4 @@ proc/TextPreview(var/string,var/len=40)
 		else
 			return string
 	else
-		return "[copytext(string, 1, 37)]..."
+		return "[copytext(string, 1, 37)]..."