Don't html-ize high rank admins in Discord. (#25117)

* More escaping fixes.

* Update code/__HELPERS/text.dm

Co-authored-by: GDN <96800819+GDNgit@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: DGamerL <108773801+DGamerL@users.noreply.github.com>
Signed-off-by: Charlie Nolan <funnyman3595@gmail.com>

---------

Signed-off-by: Charlie Nolan <funnyman3595@gmail.com>
Co-authored-by: FunnyMan3595 (Charlie Nolan) <funnyman@google.com>
Co-authored-by: GDN <96800819+GDNgit@users.noreply.github.com>
Co-authored-by: DGamerL <108773801+DGamerL@users.noreply.github.com>
This commit is contained in:
Charlie Nolan
2024-05-05 20:19:14 -07:00
committed by GitHub
parent 819e9ed064
commit a5d780e4d7
12 changed files with 29 additions and 52 deletions
+1
View File
@@ -38,6 +38,7 @@ GLOBAL_PROTECT(log_end)
if(GLOB?.configuration?.logging.debug_logging)
rustg_log_write(GLOB.world_game_log, "DEBUG: [text][GLOB.log_end]")
text = html_encode(text)
for(var/client/C in GLOB.admins)
if(check_rights(R_DEBUG | R_VIEWRUNTIMES, FALSE, C.mob) && (C.prefs.toggles & PREFTOGGLE_CHAT_DEBUGLOGS))
to_chat(C, "<span class='debug'>DEBUG: [text]</span>", MESSAGE_TYPE_DEBUG, confidential = TRUE)
+13 -30
View File
@@ -346,35 +346,23 @@
new_text += copytext(text, i, i+1)
return new_text
//This proc strips html properly, but it's not lazy like the other procs.
//This means that it doesn't just remove < and > and call it a day.
//Also limit the size of the input, if specified.
/proc/strip_html_properly(input, max_length = MAX_MESSAGE_LEN, allow_lines = 0)
/// Strips HTML tags (and only tags) from the input.
/// The result may still include HTML entities, like &#39; for '
/proc/strip_html_tags(input, max_length = MAX_MESSAGE_LEN, allow_lines = 0)
if(!input)
return
var/opentag = 1 //These store the position of < and > respectively.
var/closetag = 1
while(1)
opentag = findtext(input, "<")
closetag = findtext(input, ">")
if(closetag && opentag)
if(closetag < opentag)
input = copytext(input, (closetag + 1))
else
input = copytext(input, 1, opentag) + copytext(input, (closetag + 1))
else if(closetag || opentag)
if(opentag)
input = copytext(input, 1, opentag)
else
input = copytext(input, (closetag + 1))
else
break
return ""
var/static/regex/tags = regex("<\[^>]*>", "g")
if(!tags)
tags = regex("<\[^>]*>", "g")
input = tags.Replace(input, "")
if(max_length)
input = copytext_char(input, 1, max_length)
return sanitize(input, allow_lines ? list("\t" = " ") : list("\n" = " ", "\t" = " "))
if(allow_lines)
return sanitize_simple(input, list("\t" = " "))
return sanitize_simple(input, list("\n" = " ", "\t" = " "))
/proc/trim_strip_html_properly(input, max_length = MAX_MESSAGE_LEN, allow_lines = 0)
return trim(strip_html_properly(input, max_length, allow_lines))
/proc/trim_strip_html_tags(input, max_length = MAX_MESSAGE_LEN, allow_lines = 0)
return trim(strip_html_tags(input, max_length, allow_lines))
//Used in preferences' SetFlavorText and human's set_flavor verb
//Previews a string of len or less length
@@ -742,11 +730,6 @@
return null
// Removes HTML tags, preserving text
/proc/strip_html_tags(the_text)
var/static/regex/html_replacer = regex("<\[^>]*>", "g")
return html_replacer.Replace(the_text, "")
/proc/starts_with_vowel(text)
var/start_char = copytext(text, 1, 2)
switch(lowertext(start_char))
@@ -738,7 +738,7 @@ UI STUFF
for(var/datum/ticket_response/TR in T.ticket_responses)
var/list/this_response = list()
this_response["ckey"] = TR.response_user
this_response["text"] = strip_html_tags(TR.response_text) // Dont want to save HTML tags in the thing
this_response["text"] = html_decode(strip_html_tags(TR.response_text)) // Dont want to save HTML stuff to the DB
this_response["time"] = TR.response_time
raw_responses += list(this_response)
+1 -1
View File
@@ -84,7 +84,7 @@ GLOBAL_DATUM_INIT(discord_manager, /datum/discord_manager, new())
else
alerttext = "| **NO MENTORS ONLINE**"
var/message = "[content] [alerttext][add_ping ? handle_mentor_ping() : ""]"
var/message = "[html_decode(strip_html_tags(content))] [alerttext][add_ping ? handle_mentor_ping() : ""]"
var/datum/discord_webhook_payload/dwp = new()
dwp.webhook_content = "**\[[GLOB.configuration.system.instance_id]]** [message]"
+1 -1
View File
@@ -45,7 +45,7 @@ GLOBAL_DATUM_INIT(major_announcement, /datum/announcer, new(config_type = /datum
var/message_sound2 = new_sound2 ? sound(new_sound2) : null
if(!msg_sanitized)
message = trim_strip_html_properly(message, allow_lines = TRUE)
message = html_encode(message)
var/datum/language/message_language = GLOB.all_languages[msg_language ? msg_language : language]
@@ -562,7 +562,7 @@
return
if(!sanitized)
reason = trim_strip_html_properly(reason, allow_lines = TRUE)
reason = trim_strip_html_tags(reason, allow_lines = TRUE)
SSshuttle.requestEvac(user, reason)
log_game("[key_name(user)] has called the shuttle.")
@@ -396,8 +396,7 @@
//Select Your Name
if("Sender")
customsender = input("Please enter the sender's name.")
customsender = trim_strip_html_properly(customsender)
customsender = clean_input("Please enter the sender's name.")
//Select Receiver
if("Recepient")
@@ -416,13 +415,11 @@
//Enter custom job
if("RecJob")
customjob = input("Please enter the sender's job.")
customjob = trim_strip_html_properly(customjob)
customjob = clean_input("Please enter the sender's job.")
//Enter message
if("Message")
custommessage = input("Please enter your message.")
custommessage = trim_strip_html_properly(custommessage)
custommessage = clean_input("Please enter your message.")
//Send message
if("Send")
+2 -6
View File
@@ -104,12 +104,8 @@
if(handle_spam_prevention(msg, MUTE_ADMINHELP, OOC_COOLDOWN))
return
//clean the message if it's not sent by a high-rank admin
if(!check_rights(R_SERVER|R_DEBUG,0))
msg = sanitize_simple(copytext_char(msg, 1, MAX_MESSAGE_LEN))
if(!msg)
return
else
// Let high-rank admins use advanced pencode.
if(check_rights(R_SERVER|R_DEBUG, 0))
msg = admin_pencode_to_html(msg)
var/send_span
+1 -1
View File
@@ -29,7 +29,7 @@
if(listening)
if(findtext(msg, "</span>"))
recorded = strip_html_properly(msg)
recorded = strip_html_tags(msg)
else
recorded = msg
recorded_type = type
+3 -3
View File
@@ -174,16 +174,16 @@
/mob/proc/hear_sleep(message)
var/heard = ""
if(prob(15))
message = strip_html_properly(message)
message = html_decode(strip_html_tags(message))
var/list/punctuation = list(",", "!", ".", ";", "?")
var/list/messages = splittext(message, " ")
if(length(messages) > 0)
var/R = rand(1, length(messages))
var/heardword = messages[R]
if(copytext(heardword,1, 1) in punctuation)
heardword = copytext(heardword,2)
heardword = html_encode(copytext(heardword, 2))
if(copytext(heardword,-1) in punctuation)
heardword = copytext(heardword,1,length(heardword))
heardword = html_encode(copytext(heardword, 1, length(heardword)))
heard = "<span class='game say'>...<i>You hear something about<i>... '[heardword]'...</span>"
else
heard = "<span class='game say'>...<i>You almost hear something...</i>...</span>"
+1 -1
View File
@@ -311,7 +311,7 @@ GLOBAL_LIST_EMPTY(channel_to_radio_key)
return name
/mob/living/whisper(message as text)
message = trim_strip_html_properly(message)
message = trim_strip_html_tags(message)
//parse the language code and consume it
var/list/message_pieces = parse_languages(message)
+1 -1
View File
@@ -200,7 +200,7 @@
var/obj/item/paper/crumpled/P = new(loc)
P.name = name
if(info) // Something written on the paper.
/*var/new_text = strip_html_properly(info, MAX_PAPER_MESSAGE_LEN, TRUE) // Don't want HTML stuff getting gibberished.
/*var/new_text = strip_html_tags(info, MAX_PAPER_MESSAGE_LEN, TRUE) // Don't want HTML stuff getting gibberished.
P.info = Gibberish(new_text, 100)*/
P.info = "<i>Whatever was once written here has been made completely illegible by a combination of chew marks and saliva.</i>"
message_ending = ", the drool making it an unreadable mess!"