Some hotfixes (#17464)

This commit is contained in:
AffectedArc07
2022-03-04 20:57:35 +00:00
committed by GitHub
parent ed3454f577
commit d98aec53b7
6 changed files with 54 additions and 10 deletions
+1 -1
View File
@@ -110,4 +110,4 @@
return
qdel(update_existing_note)
else // They dont have a note. Insert.
add_note(cookie_holder_ckey, serialized_text, adminckey = COOKIERECORD_PSUEDO_CKEY, logged = FALSE, checkrights = FALSE, automated = TRUE)
add_note(cookie_holder_ckey, serialized_text, adminckey = COOKIERECORD_PSUEDO_CKEY, logged = FALSE, checkrights = FALSE, automated = TRUE, sanitise_html = FALSE) // No sanitize because we rely on formatting
+13 -5
View File
@@ -1,6 +1,13 @@
/proc/add_note(target_ckey, notetext, timestamp, adminckey, logged = 1, checkrights = 1, show_after = TRUE, automated = FALSE)
/proc/add_note(target_ckey, notetext, timestamp, adminckey, logged = 1, checkrights = 1, show_after = TRUE, automated = FALSE, sanitise_html = TRUE) // Dont you EVER disable this last param unless you know what you're doing
if(checkrights && !check_rights(R_ADMIN|R_MOD))
return
if(IsAdminAdvancedProcCall() && !sanitise_html)
// *sigh*
to_chat(usr, "<span class='boldannounce'>Unsanitized note add blocked: Advanced ProcCall detected.</span>")
message_admins("[key_name(usr)] attempted to possibly inject HTML into notes via advanced proc-call")
log_admin("[key_name(usr)] attempted to possibly inject HTML into notes via advanced proc-call")
return
if(!SSdbcore.IsConnected())
if(usr)
to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
@@ -55,14 +62,15 @@
// Force cast this to 1/0 incase someone tries to feed bad data
automated = !!automated
var/safe_text = html_encode(notetext)
if(sanitise_html)
notetext = html_encode(notetext)
var/datum/db_query/query_noteadd = SSdbcore.NewQuery({"
INSERT INTO notes (ckey, timestamp, notetext, adminckey, server, crew_playtime, round_id, automated)
VALUES (:targetckey, NOW(), :notetext, :adminkey, :server, :crewnum, :roundid, :automated)
"}, list(
"targetckey" = target_ckey,
"notetext" = safe_text,
"notetext" = notetext,
"adminkey" = adminckey,
"server" = GLOB.configuration.system.instance_id,
"crewnum" = crew_number,
@@ -74,8 +82,8 @@
return
qdel(query_noteadd)
if(logged)
log_admin("[usr ? key_name(usr) : adminckey] has added a note to [target_ckey]: [safe_text]")
message_admins("[usr ? key_name_admin(usr) : adminckey] has added a note to [target_ckey]:<br>[safe_text]")
log_admin("[usr ? key_name(usr) : adminckey] has added a note to [target_ckey]: [notetext]")
message_admins("[usr ? key_name_admin(usr) : adminckey] has added a note to [target_ckey]:<br>[notetext]")
if(show_after)
show_note(target_ckey)
+2 -2
View File
@@ -983,14 +983,14 @@
*/
/client/proc/retrieve_byondacc_data()
// Do not refactor this to use SShttp, because that requires the subsystem to be firing for requests to be made, and this will be triggered before the MC has finished loading
var/list/http[] = world.Export("http://www.byond.com/members/[ckey]?format=text")
var/list/http[] = HTTPGet("http://www.byond.com/members/[ckey]?format=text")
if(http)
var/status = text2num(http["STATUS"])
if(status == 200)
// This is wrapped in try/catch because lummox could change the format on any day without informing anyone
try
var/list/lines = splittext(file2text(http["CONTENT"]), "\n")
var/list/lines = splittext(http["CONTENT"], "\n")
var/list/initial_data = list()
var/current_index = ""
for(var/L in lines)