Sanitization

2025-12-10 02:09:41 +00:00 · 2022-10-02 13:58:21 -04:00
parent dbc2cba71c
commit d8b03336e5
27 changed files with 115 additions and 50 deletions
--- a/code/game/machinery/navbeacon.dm
+++ b/code/game/machinery/navbeacon.dm
@@ -150,7 +150,7 @@ Transponder Codes:<UL>"}
 			usr.set_machine(src)

 			if(href_list["locedit"])
-				var/newloc = sanitize(tgui_input_text(usr, "Enter New Location", "Navigation Beacon", location))
+				var/newloc = sanitize(tgui_input_text(usr, "Enter New Location", "Navigation Beacon", location, MAX_NAME_LEN))
 				if(newloc)
 					location = newloc
 					updateDialog()
@@ -158,12 +158,14 @@ Transponder Codes:<UL>"}
 			else if(href_list["edit"])
 				var/codekey = href_list["code"]

-				var/newkey = tgui_input_text(usr, "Enter Transponder Code Key", "Navigation Beacon", codekey)
+				var/newkey = tgui_input_text(usr, "Enter Transponder Code Key", "Navigation Beacon", codekey, MAX_NAME_LEN)
+				newkey = sanitize(newkey,MAX_NAME_LEN)
 				if(!newkey)
 					return

 				var/codeval = codes[codekey]
-				var/newval = tgui_input_text(usr, "Enter Transponder Code Value", "Navigation Beacon", codeval)
+				var/newval = tgui_input_text(usr, "Enter Transponder Code Value", "Navigation Beacon", codeval, MAX_NAME_LEN)
+				newval = sanitize(newval,MAX_NAME_LEN)
 				if(!newval)
 					newval = codekey
 					return
@@ -180,11 +182,13 @@ Transponder Codes:<UL>"}

 			else if(href_list["add"])

-				var/newkey = tgui_input_text(usr, "Enter New Transponder Code Key", "Navigation Beacon")
+				var/newkey = tgui_input_text(usr, "Enter New Transponder Code Key", "Navigation Beacon", null, MAX_NAME_LEN)
+				newkey = sanitize(newkey,MAX_NAME_LEN)
 				if(!newkey)
 					return

-				var/newval = tgui_input_text(usr, "Enter New Transponder Code Value", "Navigation Beacon")
+				var/newval = tgui_input_text(usr, "Enter New Transponder Code Value", "Navigation Beacon", null, MAX_NAME_LEN)
+				newval = sanitize(newval,MAX_NAME_LEN)
 				if(!newval)
 					newval = "1"
 					return
--- a/code/game/machinery/pointdefense.dm
+++ b/code/game/machinery/pointdefense.dm
@@ -97,7 +97,8 @@ GLOBAL_LIST_BOILERPLATE(pointdefense_turrets, /obj/machinery/pointdefense)

 /obj/machinery/pointdefense_control/attackby(var/obj/item/W, var/mob/user)
 	if(W?.is_multitool())
-		var/new_ident = tgui_input_text(user, "Enter a new ident tag.", "[src]", id_tag)
+		var/new_ident = tgui_input_text(user, "Enter a new ident tag.", "[src]", id_tag, MAX_NAME_LEN)
+		new_ident = sanitize(new_ident,MAX_NAME_LEN)
 		if(new_ident && new_ident != id_tag && user.Adjacent(src) && CanInteract(user, GLOB.tgui_physical_state))
 			// Check for duplicate controllers with this ID
 			for(var/obj/machinery/pointdefense_control/PC as anything in GLOB.pointdefense_controllers)
@@ -212,7 +213,8 @@ GLOBAL_LIST_BOILERPLATE(pointdefense_turrets, /obj/machinery/pointdefense)

 /obj/machinery/pointdefense/attackby(var/obj/item/W, var/mob/user)
 	if(W?.is_multitool())
-		var/new_ident = tgui_input_text(user, "Enter a new ident tag.", "[src]", id_tag)
+		var/new_ident = tgui_input_text(user, "Enter a new ident tag.", "[src]", id_tag, MAX_NAME_LEN)
+		new_ident = sanitize(new_ident,MAX_NAME_LEN)
 		if(new_ident && new_ident != id_tag && user.Adjacent(src) && CanInteract(user, GLOB.tgui_physical_state))
 			to_chat(user, "<span class='notice'>You register [src] with the [new_ident] network.</span>")
 			id_tag = new_ident
@@ -295,6 +297,25 @@ GLOBAL_LIST_BOILERPLATE(pointdefense_turrets, /obj/machinery/pointdefense)
 	var/obj/machinery/pointdefense_control/PC = get_controller()
 	if(!istype(PC) || !PC.powered(EQUIP))
 		return
+<<<<<<< HEAD
+=======
+
+	// Compile list of known targets
+	var/list/existing_targets = list()
+	for(var/weakref/WR in PC.targets)
+		var/obj/effect/meteor/M = WR.resolve()
+		existing_targets += M
+
+	// First, try and acquire new targets
+	var/list/potential_targets = GLOB.meteor_list.Copy() - existing_targets
+	for(var/obj/effect/meteor/M in potential_targets)
+		if(targeting_check(M))
+			var/weakref/target = weakref(M)
+			PC.targets += target
+			engaging = target
+			Shoot(target)
+			return
+>>>>>>> 73d3802786... Merge pull request #13825 from Cameron653/rcon_sanitization

 	var/list/connected_z_levels = GetConnectedZlevels(get_z(src))
 	for(var/obj/effect/meteor/M in GLOB.meteor_list)
@@ -319,6 +340,22 @@ GLOBAL_LIST_BOILERPLATE(pointdefense_turrets, /obj/machinery/pointdefense)
 			PC.targets += target
 			Shoot(target)
 			return
+<<<<<<< HEAD
+=======
+
+/obj/machinery/power/pointdefense/proc/targeting_check(var/obj/effect/meteor/M)
+	// Target in range
+	var/list/connected_z_levels = GetConnectedZlevels(get_z(src))
+	if(!(M.z in connected_z_levels))
+		return FALSE
+	if(get_dist(M, src) > kill_range)
+		return FALSE
+	// If we can shoot it, then shoot
+	if(emagged || !space_los(M))
+		return FALSE
+
+	return TRUE
+>>>>>>> 73d3802786... Merge pull request #13825 from Cameron653/rcon_sanitization

 /obj/machinery/pointdefense/RefreshParts()
 	. = ..()
--- a/code/game/machinery/telecomms/logbrowser.dm
+++ b/code/game/machinery/telecomms/logbrowser.dm
@@ -46,7 +46,7 @@
 		for(var/c in SelectedServer.log_entries)
 			i++
 			var/datum/comm_log_entry/C = c
-			
+
 			// This is necessary to prevent leaking information to the clientside
 			var/static/list/acceptable_params = list("uspeech", "intelligible", "message", "name", "race", "job", "timecode")
 			var/list/parameters = list()
@@ -74,7 +74,7 @@
 	if(!ui)
 		ui = new(user, src, "TelecommsLogBrowser", name)
 		ui.open()
-	
+
 /obj/machinery/computer/telecomms/server/tgui_act(action, params)
 	if(..())
 		return TRUE
@@ -128,7 +128,8 @@
 			. = TRUE

 		if("network")
-			var/newnet = tgui_input_text(usr, "Which network do you want to view?", "Comm Monitor", network)
+			var/newnet = tgui_input_text(usr, "Which network do you want to view?", "Comm Monitor", network, 15)
+			newnet = sanitize(newnet,15)

 			if(newnet && ((usr in range(1, src) || issilicon(usr))))
 				if(length(newnet) > 15)
@@ -139,7 +140,7 @@
 				set_temp("NEW NETWORK TAG SET IN ADDRESS \[[network]\]", "good")

 			. = TRUE
-		
+
 		if("cleartemp")
 			temp = null
 			. = TRUE
--- a/code/game/machinery/telecomms/machine_interactions.dm
+++ b/code/game/machinery/telecomms/machine_interactions.dm
@@ -41,7 +41,7 @@

 /obj/machinery/telecomms/tgui_data(mob/user)
 	var/list/data = list()
-	
+
 	data["temp"] = temp
 	data["on"] = on

@@ -81,7 +81,7 @@
 				"index" = i,
 			)))
 		data["linked"] = linked
-		
+
 		var/list/filter = list()
 		for(var/x in freq_listening)
 			filter.Add(list(list(
@@ -213,7 +213,7 @@
 /obj/machinery/telecomms/bus/Options_Act(action, params)
 	if(..())
 		return TRUE
-	
+
 	switch(action)
 		if("change_freq")
 			. = TRUE
@@ -267,7 +267,7 @@
 /obj/machinery/telecomms/receiver/Options_Act(action, params)
 	if(..())
 		return TRUE
-	
+
 	switch(action)
 		if("range")
 			var/new_range = params["range"]
@@ -296,6 +296,7 @@

 		if("network")
 			var/newnet = tgui_input_text(usr, "Specify the new network for this machine. This will break all current links.", src, network)
+			newnet = sanitize(newnet,15)
 			if(newnet && canAccess(usr))

 				if(length(newnet) > 15)
--- a/code/game/machinery/telecomms/telemonitor.dm
+++ b/code/game/machinery/telecomms/telemonitor.dm
@@ -100,7 +100,8 @@
 			. = TRUE

 		if("network")
-			var/newnet = tgui_input_text(usr, "Which network do you want to view?", "Comm Monitor", network)
+			var/newnet = tgui_input_text(usr, "Which network do you want to view?", "Comm Monitor", network, 15)
+			newnet = sanitize(newnet,15) //Honestly, I'd be amazed if someone managed to do HTML in 15 chars.
 			if(newnet && ((usr in range(1, src) || issilicon(usr))))
 				if(length(newnet) > 15)
 					set_temp("FAILED: NETWORK TAG STRING TOO LENGTHY", "bad")
@@ -108,7 +109,7 @@
 				network = newnet
 				machinelist = list()
 				set_temp("NEW NETWORK TAG SET IN ADDRESS \[[network]\]", "good")
-			
+
 			. = TRUE

 		if("cleartemp")
--- a/code/game/machinery/telecomms/traffic_control.dm
+++ b/code/game/machinery/telecomms/traffic_control.dm
@@ -192,7 +192,8 @@

 	if(href_list["network"])

-		var/newnet = tgui_input_text(usr, "Which network do you want to view?", "Comm Monitor", network)
+		var/newnet = tgui_input_text(usr, "Which network do you want to view?", "Comm Monitor", network, 15)
+		newnet = sanitize(newnet,15)

 		if(newnet && ((usr in range(1, src) || issilicon(usr))))
 			if(length(newnet) > 15)
--- a/code/game/objects/items/bodybag.dm
+++ b/code/game/objects/items/bodybag.dm
@@ -53,7 +53,7 @@

 /obj/structure/closet/body_bag/attackby(var/obj/item/W as obj, mob/user as mob)
 	if (istype(W, /obj/item/weapon/pen))
-		var/t = tgui_input_text(user, "What would you like the label to be?", text("[]", src.name), null)
+		var/t = tgui_input_text(user, "What would you like the label to be?", text("[]", src.name), null, MAX_NAME_LEN	)
 		if (user.get_active_hand() != W)
 			return
 		if (!in_range(src, user) && src.loc != user)
--- a/code/game/objects/items/devices/gps.dm
+++ b/code/game/objects/items/devices/gps.dm
@@ -137,7 +137,7 @@ var/list/GPS_list = list()
 	if(emped)
 		to_chat(user, "It's busted!")
 		return
-	
+
 	toggle_tracking()
 	if(tracking)
 		to_chat(user, "[src] is no longer tracking, or visible to other GPS devices.")
@@ -194,7 +194,7 @@ var/list/GPS_list = list()
 	dat["curr_z"] = curr.z
 	dat["curr_z_name"] = strip_improper(using_map.get_zlevel_name(curr.z))
 	dat["z_level_detection"] = using_map.get_map_levels(curr.z, long_range)
-	
+
 	var/list/gps_list = list()
 	for(var/obj/item/device/gps/G in GPS_list - src)

@@ -250,7 +250,7 @@ var/list/GPS_list = list()
 				dat += "<tr>"
 				var/gps_ref = "\ref[gps["ref"]]"
 				dat += "<td>[gps["gps_tag"]]</td><td>[gps["area_name"]]</td>"
-				
+
 				if(istype(gps_data["ref"], /obj/item/device/gps/internal/poi))
 					dat += "<td>[gps["local"] ? "[gps["direction"]] Dist: [round(gps["distance"], 10)]m" : "[gps["z_name"]]"]</td>"
 				else
@@ -323,7 +323,7 @@ var/list/GPS_list = list()
 				. = TRUE

 	if(href_list["tag"])
-		var/a = tgui_input_text(usr, "Please enter desired tag.", name, gps_tag)
+		var/a = tgui_input_text(usr, "Please enter desired tag.", name, gps_tag, 10)
 		a = uppertext(copytext(sanitize(a), 1, 11))
 		if(in_range(src, usr))
 			gps_tag = a
--- a/code/game/objects/items/devices/tvcamera.dm
+++ b/code/game/objects/items/devices/tvcamera.dm
@@ -65,7 +65,8 @@
 	if(..())
 		return 1
 	if(href_list["channel"])
-		var/nc = tgui_input_text(usr, "Channel name", "Select new channel name", channel)
+		var/nc = tgui_input_text(usr, "Channel name", "Select new channel name", channel, MAX_NAME_LEN)
+		nc = sanitize(nc,MAX_NAME_LEN)
 		if(nc)
 			channel = nc
 			camera.c_tag = channel
--- a/code/game/objects/items/weapons/implants/implantcase.dm
+++ b/code/game/objects/items/weapons/implants/implantcase.dm
@@ -21,7 +21,7 @@
 /obj/item/weapon/implantcase/attackby(obj/item/weapon/I as obj, mob/user as mob)
 	..()
 	if (istype(I, /obj/item/weapon/pen))
-		var/t = tgui_input_text(user, "What would you like the label to be?", text("[]", src.name), null)
+		var/t = tgui_input_text(user, "What would you like the label to be?", text("[]", src.name), null, MAX_NAME_LEN)
 		if (user.get_active_hand() != I)
 			return
 		if((!in_range(src, usr) && src.loc != user))
--- a/code/modules/admin/verbs/randomverbs.dm
+++ b/code/modules/admin/verbs/randomverbs.dm
@@ -86,10 +86,14 @@
 	if (!holder)
 		return

-	var/msg = sanitize(tgui_input_text(usr, "Message:", text("Subtle PM to [M.key]")))
+	var/msg = tgui_input_text(usr, "Message:", text("Subtle PM to [M.key]"))

 	if (!msg)
 		return
+
+	if(!(msg[1] == "<" && msg[length(msg)] == ">")) //You can use HTML but only if the whole thing is HTML. Tries to prevent admin 'accidents'.
+		msg = sanitize(msg)
+
 	if(usr)
 		if (usr.client)
 			if(usr.client.holder)
--- a/code/modules/integrated_electronics/core/pins.dm
+++ b/code/modules/integrated_electronics/core/pins.dm
@@ -154,12 +154,13 @@ list[](
 	var/new_data = null
 	switch(type_to_use)
 		if("string")
-			new_data = tgui_input_text(usr, "Now type in a string.","[src] string writing", istext(default) ? default : null)
+			new_data = tgui_input_text(usr, "Now type in a string.","[src] string writing", istext(default) ? default : null, MAX_NAME_LEN)
+			new_data = sanitize(new_data,MAX_NAME_LEN)
 			if(istext(new_data) && holder.check_interactivity(user) )
 				to_chat(user, "<span class='notice'>You input [new_data] into the pin.</span>")
 				return new_data
 		if("number")
-			new_data = tgui_input_number(usr, "Now type in a number.","[src] number writing", isnum(default) ? default : null)
+			new_data = tgui_input_number(usr, "Now type in a number.","[src] number writing", isnum(default) ? default : null, MAX_NAME_LEN)
 			if(isnum(new_data) && holder.check_interactivity(user) )
 				to_chat(user, "<span class='notice'>You input [new_data] into the pin.</span>")
 				return new_data
--- a/code/modules/integrated_electronics/core/tools.dm
+++ b/code/modules/integrated_electronics/core/tools.dm
@@ -122,7 +122,7 @@
 	switch(type_to_use)
 		if("string")
 			accepting_refs = 0
-			new_data = tgui_input_text(usr, "Now type in a string.","[src] string writing")
+			new_data = tgui_input_text(usr, "Now type in a string.","[src] string writing", null, MAX_MESSAGE_LEN)
 			new_data = sanitizeSafe(new_data, MAX_MESSAGE_LEN, 0, 0)
 			if(istext(new_data) && CanInteract(user, GLOB.tgui_physical_state))
 				data_to_write = new_data
--- a/code/modules/integrated_electronics/subtypes/input.dm
+++ b/code/modules/integrated_electronics/subtypes/input.dm
@@ -72,7 +72,8 @@
 	power_draw_per_use = 4

 /obj/item/integrated_circuit/input/textpad/ask_for_input(mob/user)
-	var/new_input = tgui_input_text(user, "Enter some words, please.","Number pad", get_pin_data(IC_OUTPUT, 1))
+	var/new_input = tgui_input_text(user, "Enter some words, please.","Number pad", get_pin_data(IC_OUTPUT, 1),MAX_NAME_LEN)
+	new_input = sanitize(new_input,MAX_NAME_LEN)
 	if(istext(new_input) && CanInteract(user, GLOB.tgui_physical_state))
 		set_pin_data(IC_OUTPUT, 1, new_input)
 		push_data()
--- a/code/modules/integrated_electronics/subtypes/memory.dm
+++ b/code/modules/integrated_electronics/subtypes/memory.dm
@@ -96,13 +96,14 @@
 	switch(type_to_use)
 		if("string")
 			accepting_refs = 0
-			new_data = tgui_input_text(usr, "Now type in a string.","[src] string writing")
+			new_data = tgui_input_text(usr, "Now type in a string.","[src] string writing", MAX_NAME_LEN)
+			new_data = sanitize(new_data,MAX_NAME_LEN)
 			if(istext(new_data) && CanInteract(user, GLOB.tgui_physical_state))
 				O.data = new_data
 				to_chat(user, "<span class='notice'>You set \the [src]'s memory to [O.display_data(O.data)].</span>")
 		if("number")
 			accepting_refs = 0
-			new_data = tgui_input_number(usr, "Now type in a number.","[src] number writing")
+			new_data = tgui_input_number(usr, "Now type in a number.","[src] number writing", MAX_NAME_LEN)
 			if(isnum(new_data) && CanInteract(user, GLOB.tgui_physical_state))
 				O.data = new_data
 				to_chat(user, "<span class='notice'>You set \the [src]'s memory to [O.display_data(O.data)].</span>")
--- a/code/modules/mob/living/carbon/human/human_powers.dm
+++ b/code/modules/mob/living/carbon/human/human_powers.dm
@@ -94,9 +94,9 @@

 	if(!target) return

-	text = tgui_input_text(usr, "What would you like to say?", "Speak to creature", null, null)
+	text = tgui_input_text(usr, "What would you like to say?", "Speak to creature", null, MAX_MESSAGE_LEN)

-	text = sanitize(text)
+	text = sanitize(text, MAX_MESSAGE_LEN)

 	if(!text) return

@@ -217,7 +217,7 @@

 		if(isSynthetic())
 			output += "Current Battery Charge: [nutrition]\n"
-			
+
 			var/toxDam = getToxLoss()
 			if(toxDam)
 				output += "System Instability: <span class='warning'>[toxDam > 25 ? "Severe" : "Moderate"]</span>. Seek charging station for cleanup.\n"
--- a/code/modules/overmap/ships/computers/helm.dm
+++ b/code/modules/overmap/ships/computers/helm.dm
@@ -157,7 +157,8 @@ GLOBAL_LIST_EMPTY(all_waypoints)
 	switch(action)
 		if("add")
 			var/datum/computer_file/data/waypoint/R = new()
-			var/sec_name = tgui_input_text(usr, "Input navigation entry name", "New navigation entry", "Sector #[known_sectors.len]")
+			var/sec_name = tgui_input_text(usr, "Input navigation entry name", "New navigation entry", "Sector #[known_sectors.len]", MAX_NAME_LEN)
+			sec_name = sanitize(sec_name,MAX_NAME_LEN)
 			if(tgui_status(usr, state) != STATUS_INTERACTIVE)
 				return FALSE
 			if(!sec_name)
@@ -244,7 +245,7 @@ GLOBAL_LIST_EMPTY(all_waypoints)
 			else
 				autopilot = !autopilot
 			. = TRUE
-		
+
 		if("apilot_lock")
 			autopilot_disabled = !autopilot_disabled
 			autopilot = FALSE
--- a/code/modules/power/breaker_box.dm
+++ b/code/modules/power/breaker_box.dm
@@ -40,7 +40,7 @@
 /obj/machinery/power/breakerbox/activated/Initialize()
 	. = ..()
 	return INITIALIZE_HINT_LATELOAD
-		
+
 /obj/machinery/power/breakerbox/activated/LateInitialize()
 	set_state(1)

@@ -96,7 +96,8 @@

 /obj/machinery/power/breakerbox/attackby(var/obj/item/weapon/W as obj, var/mob/user as mob)
 	if(istype(W, /obj/item/device/multitool))
-		var/newtag = tgui_input_text(user, "Enter new RCON tag. Use \"NO_TAG\" to disable RCON or leave empty to cancel.", "SMES RCON system")
+		var/newtag = tgui_input_text(user, "Enter new RCON tag. Use \"NO_TAG\" to disable RCON or leave empty to cancel.", "SMES RCON system", "", MAX_NAME_LEN)
+		newtag = sanitize(newtag,MAX_NAME_LEN)
 		if(newtag)
 			RCon_tag = newtag
 			to_chat(user, "<span class='notice'>You changed the RCON tag to: [newtag]</span>")
--- a/code/modules/power/fusion/core/_core.dm
+++ b/code/modules/power/fusion/core/_core.dm
@@ -149,7 +149,8 @@ GLOBAL_LIST_EMPTY(fusion_cores)
 		return

 	if(istype(W, /obj/item/device/multitool))
-		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", "Fusion Core", id_tag)
+		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", "Fusion Core", id_tag, MAX_NAME_LEN)
+		new_ident = sanitize(new_ident,MAX_NAME_LEN)
 		if(new_ident && user.Adjacent(src))
 			id_tag = new_ident
 		return
--- a/code/modules/power/fusion/fuel_assembly/fuel_control.dm
+++ b/code/modules/power/fusion/fuel_assembly/fuel_control.dm
@@ -117,7 +117,8 @@
 /obj/machinery/computer/fusion_fuel_control/attackby(var/obj/item/W, var/mob/user)
 	..()
 	if(istype(W, /obj/item/device/multitool))
-		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", "Fuel Control", monitor.fuel_tag)
+		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", "Fuel Control", monitor.fuel_tag, MAX_NAME_LEN)
+		new_ident = sanitize(new_ident,MAX_NAME_LEN)
 		if(new_ident && user.Adjacent(src))
 			monitor.fuel_tag = new_ident
 		return
--- a/code/modules/power/fusion/fuel_assembly/fuel_injector.dm
+++ b/code/modules/power/fusion/fuel_assembly/fuel_injector.dm
@@ -43,7 +43,8 @@ GLOBAL_LIST_EMPTY(fuel_injectors)
 /obj/machinery/fusion_fuel_injector/attackby(obj/item/W, mob/user)

 	if(istype(W, /obj/item/device/multitool))
-		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", "Fuel Injector", id_tag)
+		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", "Fuel Injector", id_tag, MAX_NAME_LEN)
+		new_ident = sanitize(new_ident,MAX_NAME_LEN)
 		if(new_ident && user.Adjacent(src))
 			id_tag = new_ident
 		return
--- a/code/modules/power/fusion/gyrotron/gyrotron.dm
+++ b/code/modules/power/fusion/gyrotron/gyrotron.dm
@@ -53,7 +53,8 @@ GLOBAL_LIST_EMPTY(gyrotrons)

 /obj/machinery/power/emitter/gyrotron/attackby(var/obj/item/W, var/mob/user)
 	if(istype(W, /obj/item/device/multitool))
-		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", "Gyrotron", id_tag)
+		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", "Gyrotron", id_tag, MAX_NAME_LEN)
+		new_ident = sanitize(new_ident,MAX_NAME_LEN)
 		if(new_ident && user.Adjacent(src))
 			id_tag = new_ident
 		return
--- a/code/modules/power/fusion/gyrotron/gyrotron_control.dm
+++ b/code/modules/power/fusion/gyrotron/gyrotron_control.dm
@@ -119,7 +119,8 @@
 /obj/machinery/computer/gyrotron_control/attackby(var/obj/item/W, var/mob/user)
 	..()
 	if(istype(W, /obj/item/device/multitool))
-		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", "Gyrotron Control", monitor.gyro_tag)
+		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", "Gyrotron Control", monitor.gyro_tag, MAX_NAME_LEN)
+		new_ident = sanitize(new_ident,MAX_NAME_LEN)
 		if(new_ident && user.Adjacent(src))
 			monitor.gyro_tag = new_ident
 		return
--- a/code/modules/power/smes_construction.dm
+++ b/code/modules/power/smes_construction.dm
@@ -312,7 +312,8 @@

 		// Multitool - change RCON tag
 		if(istype(W, /obj/item/device/multitool))
-			var/newtag = tgui_input_text(user, "Enter new RCON tag. Use \"NO_TAG\" to disable RCON or leave empty to cancel.", "SMES RCON system")
+			var/newtag = tgui_input_text(user, "Enter new RCON tag. Use \"NO_TAG\" to disable RCON or leave empty to cancel.", "SMES RCON system", "", MAX_NAME_LEN)
+			newtag = sanitize(newtag,MAX_NAME_LEN)
 			if(newtag)
 				RCon_tag = newtag
 				to_chat(user, "<span class='notice'>You changed the RCON tag to: [newtag]</span>")
--- a/code/modules/power/turbine.dm
+++ b/code/modules/power/turbine.dm
@@ -124,7 +124,8 @@
 	if(default_deconstruction_crowbar(user, W))
 		return
 	if(istype(W, /obj/item/device/multitool))
-		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", name, comp_id)
+		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", name, comp_id, MAX_NAME_LEN)
+		new_ident = sanitize(new_ident,MAX_NAME_LEN)
 		if(new_ident && user.Adjacent(src))
 			comp_id = new_ident
 		return
@@ -337,7 +338,8 @@

 /obj/machinery/computer/turbine_computer/attackby(obj/item/W, mob/user)
 	if(istype(W, /obj/item/device/multitool))
-		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", name, id)
+		var/new_ident = tgui_input_text(usr, "Enter a new ident tag.", name, id, MAX_NAME_LEN)
+		new_ident = sanitize(new_ident,MAX_NAME_LEN)
 		if(new_ident && user.Adjacent(src))
 			id = new_ident
 		return
--- a/code/modules/shuttles/shuttle_console.dm
+++ b/code/modules/shuttles/shuttle_console.dm
@@ -111,7 +111,8 @@
 			return TRUE

 		if("set_codes")
-			var/newcode = tgui_input_text(usr, "Input new docking codes", "Docking codes", shuttle.docking_codes)
+			var/newcode = tgui_input_text(usr, "Input new docking codes", "Docking codes", shuttle.docking_codes, MAX_NAME_LEN)
+			newcode = sanitize(newcode,MAX_NAME_LEN)
 			if(newcode && !..())
 				shuttle.set_docking_codes(uppertext(newcode))
 			return TRUE
--- a/code/modules/tgui/modules/overmap.dm
+++ b/code/modules/tgui/modules/overmap.dm
@@ -307,7 +307,8 @@
 		/* HELM */
 		if("add")
 			var/datum/computer_file/data/waypoint/R = new()
-			var/sec_name = tgui_input_text(usr, "Input navigation entry name", "New navigation entry", "Sector #[known_sectors.len]")
+			var/sec_name = tgui_input_text(usr, "Input navigation entry name", "New navigation entry", "Sector #[known_sectors.len]", MAX_NAME_LEN)
+			sec_name = sanitize(sec_name,MAX_NAME_LEN)
 			if(!sec_name)
 				sec_name = "Sector #[known_sectors.len]"
 			R.fields["name"] = sec_name
@@ -383,7 +384,7 @@
 			else
 				autopilot = !autopilot
 			. = TRUE
-		
+
 		if("apilot_lock")
 			autopilot_disabled = !autopilot_disabled
 			autopilot = FALSE