Merge pull request #8380 from volas/sanitize_procs

[DNM] sanitize() and text.dm refactoring
This commit is contained in:
Zuhayr
2015-03-29 00:57:33 +10:30
124 changed files with 418 additions and 547 deletions
+1 -1
View File
@@ -181,7 +181,7 @@ datum/admins/proc/DB_ban_edit(var/banid = null, var/param = null)
switch(param)
if("reason")
if(!value)
value = input("Insert the new reason for [pckey]'s ban", "New Reason", "[reason]", null) as null|text
value = sanitize(input("Insert the new reason for [pckey]'s ban", "New Reason", "[reason]", null) as null|text)
value = sql_sanitize_text(value)
if(!value)
usr << "Cancelled"
+2 -2
View File
@@ -725,10 +725,10 @@ var/global/floorIsLava = 0
set desc="Announce your desires to the world"
if(!check_rights(0)) return
var/message = input("Global message to send:", "Admin Announce", null, null) as message
var/message = input("Global message to send:", "Admin Announce", null, null) as message//todo: sanitize for all?
if(message)
if(!check_rights(R_SERVER,0))
message = adminscrub(message,500)
message = sanitize(message, 500, extra = 0)
world << "\blue <b>[usr.client.holder.fakekey ? "Administrator" : usr.key] Announces:</b>\n \t [message]"
log_admin("Announce: [key_name(usr)] : [message]")
feedback_add_details("admin_verb","A") //If you are copy-pasting this, ensure the 2nd parameter is unique to the new proc!
+1 -1
View File
@@ -16,7 +16,7 @@
/client/proc/admin_memo_write()
var/savefile/F = new(MEMOFILE)
if(F)
var/memo = input(src,"Type your memo\n(Leaving it blank will delete your current memo):","Write Memo",null) as null|message
var/memo = sanitize(input(src,"Type your memo\n(Leaving it blank will delete your current memo):","Write Memo",null) as null|message, extra = 0)
switch(memo)
if(null)
return
+2 -2
View File
@@ -617,7 +617,7 @@ var/list/admin_verbs_mentor = list(
set name = "Make Sound"
set desc = "Display a message to everyone who can hear the target"
if(O)
var/message = input("What do you want the message to be?", "Make Sound") as text|null
var/message = sanitize(input("What do you want the message to be?", "Make Sound") as text|null)
if(!message)
return
for (var/mob/V in hearers(O))
@@ -709,7 +709,7 @@ var/list/admin_verbs_mentor = list(
return
if(holder)
var/new_name = trim_strip_input(src, "Enter new name. Leave blank or as is to cancel.", "Enter new silicon name", S.real_name)
var/new_name = sanitizeSafe(input(src, "Enter new name. Leave blank or as is to cancel.", "Enter new silicon name", S.real_name))
if(new_name && new_name != S.real_name)
admin_log_and_message_admins("has renamed the silicon '[S.real_name]' to '[new_name]'")
S.SetName(new_name)
+17 -24
View File
@@ -328,12 +328,12 @@
mins = min(525599,mins)
minutes = CMinutes + mins
duration = GetExp(minutes)
reason = input(usr,"Reason?","reason",reason2) as text|null
reason = sanitize(input(usr,"Reason?","reason",reason2) as text|null)
if(!reason) return
if("No")
temp = 0
duration = "Perma"
reason = input(usr,"Reason?","reason",reason2) as text|null
reason = sanitize(input(usr,"Reason?","reason",reason2) as text|null)
if(!reason) return
log_admin("[key_name(usr)] edited [banned_key]'s ban. Reason: [reason] Duration: [duration]")
@@ -655,7 +655,7 @@
var/mins = input(usr,"How long (in minutes)?","Ban time",1440) as num|null
if(!mins)
return
var/reason = input(usr,"Reason?","Please State Reason","") as text|null
var/reason = sanitize(input(usr,"Reason?","Please State Reason","") as text|null)
if(!reason)
return
@@ -680,7 +680,7 @@
return 1
if("No")
if(!check_rights(R_BAN)) return
var/reason = input(usr,"Reason?","Please State Reason","") as text|null
var/reason = sanitize(input(usr,"Reason?","Please State Reason","") as text|null)
if(reason)
var/msg
for(var/job in notbannedlist)
@@ -737,7 +737,7 @@
if (ismob(M))
if(!check_if_greater_rights_than(M.client))
return
var/reason = input("Please enter reason")
var/reason = sanitize(input("Please enter reason"))
if(!reason)
M << "\red You have been kicked from the server"
else
@@ -794,7 +794,7 @@
if(!mins)
return
if(mins >= 525600) mins = 525599
var/reason = input(usr,"Reason?","reason","Griefer") as text|null
var/reason = sanitize(input(usr,"Reason?","reason","Griefer") as text|null)
if(!reason)
return
AddBan(M.ckey, M.computer_id, reason, usr.ckey, 1, mins)
@@ -815,7 +815,7 @@
//del(M) // See no reason why to delete mob. Important stuff can be lost. And ban can be lifted before round ends.
if("No")
if(!check_rights(R_BAN)) return
var/reason = input(usr,"Reason?","reason","Griefer") as text|null
var/reason = sanitize(input(usr,"Reason?","reason","Griefer") as text|null)
if(!reason)
return
switch(alert(usr,"IP ban?",,"Yes","No","Cancel"))
@@ -1341,7 +1341,7 @@
usr << "The person you are trying to contact is not wearing a headset"
return
var/input = input(src.owner, "Please enter a message to reply to [key_name(H)] via their headset.","Outgoing message from Centcomm", "")
var/input = sanitize(input(src.owner, "Please enter a message to reply to [key_name(H)] via their headset.","Outgoing message from Centcomm", ""))
if(!input) return
src.owner << "You sent [input] to [H] via a secure channel."
@@ -1358,7 +1358,7 @@
usr << "The person you are trying to contact is not wearing a headset"
return
var/input = input(src.owner, "Please enter a message to reply to [key_name(H)] via their headset.","Outgoing message from a shadowy figure...", "")
var/input = sanitize(input(src.owner, "Please enter a message to reply to [key_name(H)] via their headset.","Outgoing message from a shadowy figure...", ""))
if(!input) return
src.owner << "You sent [input] to [H] via a secure channel."
@@ -1405,6 +1405,7 @@
var/mob/sender = locate(href_list["CentcommFaxReply"])
var/obj/machinery/photocopier/faxmachine/fax = locate(href_list["originfax"])
//todo: sanitize
var/input = input(src.owner, "Please enter a message to reply to [key_name(sender)] via secure connection. NOTE: BBCode does not work, but HTML tags do! Use <br> for line breaks.", "Outgoing message from Centcomm", "") as message|null
if(!input) return
@@ -2388,9 +2389,7 @@
src.access_news_network()
else if(href_list["ac_set_channel_name"])
src.admincaster_feed_channel.channel_name = strip_html_simple(input(usr, "Provide a Feed Channel Name", "Network Channel Handler", ""))
while (findtext(src.admincaster_feed_channel.channel_name," ") == 1)
src.admincaster_feed_channel.channel_name = copytext(src.admincaster_feed_channel.channel_name,2,lentext(src.admincaster_feed_channel.channel_name)+1)
src.admincaster_feed_channel.channel_name = sanitizeSafe(input(usr, "Provide a Feed Channel Name", "Network Channel Handler", ""))
src.access_news_network()
else if(href_list["ac_set_channel_lock"])
@@ -2423,13 +2422,11 @@
var/list/available_channels = list()
for(var/datum/feed_channel/F in news_network.network_channels)
available_channels += F.channel_name
src.admincaster_feed_channel.channel_name = adminscrub(input(usr, "Choose receiving Feed Channel", "Network Channel Handler") in available_channels )
src.admincaster_feed_channel.channel_name = sanitizeSafe(input(usr, "Choose receiving Feed Channel", "Network Channel Handler") in available_channels )
src.access_news_network()
else if(href_list["ac_set_new_message"])
src.admincaster_feed_message.body = adminscrub(input(usr, "Write your Feed story", "Network Channel Handler", ""))
while (findtext(src.admincaster_feed_message.body," ") == 1)
src.admincaster_feed_message.body = copytext(src.admincaster_feed_message.body,2,lentext(src.admincaster_feed_message.body)+1)
src.admincaster_feed_message.body = sanitize(input(usr, "Write your Feed story", "Network Channel Handler", ""))
src.access_news_network()
else if(href_list["ac_submit_new_message"])
@@ -2471,15 +2468,11 @@
src.access_news_network()
else if(href_list["ac_set_wanted_name"])
src.admincaster_feed_message.author = adminscrub(input(usr, "Provide the name of the Wanted person", "Network Security Handler", ""))
while (findtext(src.admincaster_feed_message.author," ") == 1)
src.admincaster_feed_message.author = copytext(admincaster_feed_message.author,2,lentext(admincaster_feed_message.author)+1)
src.admincaster_feed_message.author = sanitize(input(usr, "Provide the name of the Wanted person", "Network Security Handler", ""))
src.access_news_network()
else if(href_list["ac_set_wanted_desc"])
src.admincaster_feed_message.body = adminscrub(input(usr, "Provide the a description of the Wanted person and any other details you deem important", "Network Security Handler", ""))
while (findtext(src.admincaster_feed_message.body," ") == 1)
src.admincaster_feed_message.body = copytext(src.admincaster_feed_message.body,2,lentext(src.admincaster_feed_message.body)+1)
src.admincaster_feed_message.body = sanitize(input(usr, "Provide the a description of the Wanted person and any other details you deem important", "Network Security Handler", ""))
src.access_news_network()
else if(href_list["ac_submit_wanted"])
@@ -2584,7 +2577,7 @@
src.access_news_network()
else if(href_list["ac_set_signature"])
src.admincaster_signature = adminscrub(input(usr, "Provide your desired signature", "Network Identity Handler", ""))
src.admincaster_signature = sanitize(input(usr, "Provide your desired signature", "Network Identity Handler", ""))
src.access_news_network()
else if(href_list["populate_inactive_customitems"])
@@ -2622,7 +2615,7 @@
if(href_list["add_player_info"])
var/key = href_list["add_player_info"]
var/add = input("Add Player Info") as null|text
var/add = sanitize(input("Add Player Info") as null|text)
if(!add) return
notes_add(key,add,usr)
+2 -2
View File
@@ -23,7 +23,7 @@ var/list/adminhelp_ignored_words = list("unknown","the","a","an","of","monkey","
//clean the input msg
if(!msg)
return
msg = sanitize(copytext(msg,1,MAX_MESSAGE_LEN))
msg = sanitize(msg)
if(!msg)
return
var/original_msg = msg
@@ -88,7 +88,7 @@ var/list/adminhelp_ignored_words = list("unknown","the","a","an","of","monkey","
if(ai_found)
ai_cl = " (<A HREF='?_src_=holder;adminchecklaws=\ref[mob]'>CL</A>)"
//Options bar: mob, details ( admin = 2, dev = 3, mentor = 4, character name (0 = just ckey, 1 = ckey and character name), link? (0 no don't make it a link, 1 do so),
//Options bar: mob, details ( admin = 2, dev = 3, mentor = 4, character name (0 = just ckey, 1 = ckey and character name), link? (0 no don't make it a link, 1 do so),
// highlight special roles (0 = everyone has same looking name, 1 = antags / special roles get a golden name)
var/mentor_msg = "\blue <b><font color=red>Request for Help: </font>[get_options_bar(mob, 4, 1, 1, 0)][ai_cl]:</b> [msg]"
+3 -2
View File
@@ -60,8 +60,9 @@
return
//clean the message if it's not sent by a high-rank admin
//todo: sanitize for all???
if(!check_rights(R_SERVER|R_DEBUG,0))
msg = sanitize(copytext(msg,1,MAX_MESSAGE_LEN))
msg = sanitize(msg)
if(!msg) return
var/recieve_pm_type = "Player"
@@ -91,7 +92,7 @@
spawn(0) //so we don't hold the caller proc up
var/sender = src
var/sendername = key
var/reply = input(C, msg,"[recieve_pm_type] PM from [sendername]", "") as text|null //show message and await a reply
var/reply = sanitize(input(C, msg,"[recieve_pm_type] PM from [sendername]", "") as text|null) //show message and await a reply
if(C && reply)
if(sender)
C.cmd_admin_pm(sender,reply) //sender is still about, let's reply to them
+2 -2
View File
@@ -4,7 +4,7 @@
set hidden = 1
if(!check_rights(R_ADMIN)) return
msg = sanitize(copytext(msg, 1, MAX_MESSAGE_LEN))
msg = sanitize(msg)
if(!msg) return
log_admin("[key_name(src)] : [msg]")
@@ -23,7 +23,7 @@
if(!check_rights(R_ADMIN|R_MOD|R_MENTOR)) return
msg = sanitize(copytext(msg, 1, MAX_MESSAGE_LEN))
msg = sanitize(msg)
log_admin("MOD: [key_name(src)] : [msg]")
if (!msg)
+1 -1
View File
@@ -5,7 +5,7 @@
if(!check_rights(R_ADMIN)) return
msg = sanitize(copytext(msg, 1, MAX_MESSAGE_LEN))
msg = sanitize(msg)
if(!msg) return
var/display_name = src.key
+3 -3
View File
@@ -7,7 +7,7 @@
src << "Only administrators may use this command."
return
var/input = input(usr, "Enter the description of the custom event. Be descriptive. To cancel the event, make this blank or hit cancel.", "Custom Event", custom_event_msg) as message|null
var/input = sanitize(input(usr, "Enter the description of the custom event. Be descriptive. To cancel the event, make this blank or hit cancel.", "Custom Event", custom_event_msg) as message|null, MAX_BOOK_MESSAGE_LEN, extra = 0)
if(!input || input == "")
custom_event_msg = null
log_admin("[usr.key] has cleared the custom event text.")
@@ -21,7 +21,7 @@
world << "<h1 class='alert'>Custom Event</h1>"
world << "<h2 class='alert'>A custom event is starting. OOC Info:</h2>"
world << "<span class='alert'>[html_encode(custom_event_msg)]</span>"
world << "<span class='alert'>[custom_event_msg]</span>"
world << "<br>"
// normal verb for players to view info
@@ -36,5 +36,5 @@
src << "<h1 class='alert'>Custom Event</h1>"
src << "<h2 class='alert'>A custom event is taking place. OOC Info:</h2>"
src << "<span class='alert'>[html_encode(custom_event_msg)]</span>"
src << "<span class='alert'>[custom_event_msg]</span>"
src << "<br>"
+1 -1
View File
@@ -29,7 +29,7 @@
if (src.holder.rights & R_ADMIN)
stafftype = "ADMIN"
msg = sanitize(copytext(msg, 1, MAX_MESSAGE_LEN))
msg = sanitize(msg)
log_admin("[key_name(src)] : [msg]")
if (!msg)
+1 -1
View File
@@ -205,7 +205,7 @@ But you can call procs that are of type /mob/living/carbon/human/proc/ for that
return 0
var/obj/item/device/paicard/card = new(T)
var/mob/living/silicon/pai/pai = new(card)
pai.name = input(choice, "Enter your pAI name:", "pAI Name", "Personal AI") as text
pai.name = sanitizeSafe(input(choice, "Enter your pAI name:", "pAI Name", "Personal AI") as text)
pai.real_name = pai.name
pai.key = choice.key
card.setPersonality(pai)
+1 -1
View File
@@ -168,7 +168,7 @@
return .(O.vars[variable])
if("text")
var/new_value = input("Enter new text:","Text",O.vars[variable]) as text|null
var/new_value = input("Enter new text:","Text",O.vars[variable]) as text|null//todo: sanitize ???
if(new_value == null) return
O.vars[variable] = new_value
+4 -4
View File
@@ -44,7 +44,7 @@ var/list/forbidden_varedit_object_types = list(
switch(class)
if("text")
var_value = input("Enter new text:","Text") as null|text
var_value = input("Enter new text:","Text") as null|text//todo: sanitize ???
if("num")
var_value = input("Enter new number:","Num") as null|num
@@ -93,7 +93,7 @@ var/list/forbidden_varedit_object_types = list(
switch(class)
if("text")
var_value = input("Enter new text:","Text") as text
var_value = input("Enter new text:","Text") as text//todo: sanitize ???
if("num")
var_value = input("Enter new number:","Num") as num
@@ -243,7 +243,7 @@ var/list/forbidden_varedit_object_types = list(
return
if("text")
L[L.Find(variable)] = input("Enter new text:","Text") as text
L[L.Find(variable)] = input("Enter new text:","Text") as text//todo: sanitize ???
if("num")
L[L.Find(variable)] = input("Enter new number:","Num") as num
@@ -450,7 +450,7 @@ var/list/forbidden_varedit_object_types = list(
return .(O.vars[variable])
if("text")
var/var_new = input("Enter new text:","Text",O.vars[variable]) as null|text
var/var_new = input("Enter new text:","Text",O.vars[variable]) as null|text//todo: sanitize ???
if(var_new==null) return
O.vars[variable] = var_new
+3 -3
View File
@@ -6,7 +6,7 @@
usr << "\red Speech is currently admin-disabled."
return
msg = sanitize(copytext(msg, 1, MAX_MESSAGE_LEN))
msg = sanitize(msg)
if(!msg) return
if(usr.client)
@@ -29,14 +29,14 @@
//log_admin("HELP: [key_name(src)]: [msg]")
/proc/Centcomm_announce(var/text , var/mob/Sender , var/iamessage)
var/msg = sanitize(copytext(text, 1, MAX_MESSAGE_LEN))
var/msg = sanitize(text)
msg = "\blue <b><font color=orange>CENTCOMM[iamessage ? " IA" : ""]:</font>[key_name(Sender, 1)] (<A HREF='?_src_=holder;adminplayeropts=\ref[Sender]'>PP</A>) (<A HREF='?_src_=vars;Vars=\ref[Sender]'>VV</A>) (<A HREF='?_src_=holder;subtlemessage=\ref[Sender]'>SM</A>) (<A HREF='?_src_=holder;adminplayerobservejump=\ref[Sender]'>JMP</A>) (<A HREF='?_src_=holder;secretsadmin=check_antagonist'>CA</A>) (<A HREF='?_src_=holder;BlueSpaceArtillery=\ref[Sender]'>BSA</A>) (<A HREF='?_src_=holder;CentcommReply=\ref[Sender]'>RPLY</A>):</b> [msg]"
for(var/client/C in admins)
if(R_ADMIN & C.holder.rights)
C << msg
/proc/Syndicate_announce(var/text , var/mob/Sender)
var/msg = sanitize(copytext(text, 1, MAX_MESSAGE_LEN))
var/msg = sanitize(text)
msg = "\blue <b><font color=crimson>ILLEGAL:</font>[key_name(Sender, 1)] (<A HREF='?_src_=holder;adminplayeropts=\ref[Sender]'>PP</A>) (<A HREF='?_src_=vars;Vars=\ref[Sender]'>VV</A>) (<A HREF='?_src_=holder;subtlemessage=\ref[Sender]'>SM</A>) (<A HREF='?_src_=holder;adminplayerobservejump=\ref[Sender]'>JMP</A>) (<A HREF='?_src_=holder;secretsadmin=check_antagonist'>CA</A>) (<A HREF='?_src_=holder;BlueSpaceArtillery=\ref[Sender]'>BSA</A>) (<A HREF='?_src_=holder;SyndicateReply=\ref[Sender]'>RPLY</A>):</b> [msg]"
for(var/client/C in admins)
if(R_ADMIN & C.holder.rights)
+6 -6
View File
@@ -52,7 +52,7 @@
src << "Only administrators may use this command."
return
var/msg = input("Message:", text("Subtle PM to [M.key]")) as text
var/msg = sanitize(input("Message:", text("Subtle PM to [M.key]")) as text)
if (!msg)
return
@@ -109,7 +109,7 @@
src << "Only administrators may use this command."
return
var/msg = input("Message:", text("Enter the text you wish to appear to everyone:")) as text
var/msg = sanitize(input("Message:", text("Enter the text you wish to appear to everyone:")) as text)
if (!msg)
return
@@ -132,7 +132,7 @@
if(!M)
return
var/msg = input("Message:", text("Enter the text you wish to appear to your target:")) as text
var/msg = sanitize(input("Message:", text("Enter the text you wish to appear to your target:")) as text)
if( !msg )
return
@@ -462,7 +462,7 @@ Traitors and the like can also be revived with the previous role mostly intact.
if(!holder)
src << "Only administrators may use this command."
return
var/input = input(usr, "Please enter anything you want the AI to do. Anything. Serious.", "What?", "") as text|null
var/input = sanitize(input(usr, "Please enter anything you want the AI to do. Anything. Serious.", "What?", "") as text|null)
if(!input)
return
for(var/mob/living/silicon/ai/M in mob_list)
@@ -510,8 +510,8 @@ Traitors and the like can also be revived with the previous role mostly intact.
if(!holder)
src << "Only administrators may use this command."
return
var/input = input(usr, "Please enter anything you want. Anything. Serious.", "What?", "") as message|null
var/customname = input(usr, "Pick a title for the report.", "Title") as text|null
var/input = sanitize(input(usr, "Please enter anything you want. Anything. Serious.", "What?", "") as message|null, extra = 0)
var/customname = sanitizeSafe(input(usr, "Pick a title for the report.", "Title") as text|null)
if(!input)
return
if(!customname)
+1 -1
View File
@@ -43,7 +43,7 @@ var/const/commandos_possible = 6 //if more Commandos are needed in the future
choice = null
while(!choice)
choice = sanitize(copytext(input(src, "Please specify which mission the strike team shall undertake.", "Specify Mission", ""),1,MAX_MESSAGE_LEN))
choice = sanitize(input(src, "Please specify which mission the strike team shall undertake.", "Specify Mission", ""))
if(!choice)
if(alert("Error, no mission set. Do you want to exit the setup process?",,"Yes","No")=="Yes")
return