emergency HTML/JS injection fix.

sanitation of status display input was missing everywhere.
This commit is contained in:
Walter0o
2014-08-27 14:42:58 +02:00
parent ac6ffacec8
commit 89d2c956ca
3 changed files with 38 additions and 38 deletions
@@ -170,10 +170,10 @@
post_status(href_list["statdisp"])
if("setmsg1" in href_list)
stat_msg1 = reject_bad_text(input("Line 1", "Enter Message Text", stat_msg1) as text|null, 40)
stat_msg1 = reject_bad_text(trim(copytext(sanitize(input("Line 1", "Enter Message Text", stat_msg1) as text|null, 40), 1, MAX_MESSAGE_LEN)))
computer.updateDialog()
if("setmsg2" in href_list)
stat_msg2 = reject_bad_text(input("Line 2", "Enter Message Text", stat_msg2) as text|null, 40)
stat_msg2 = reject_bad_text(trim(copytext(sanitize(input("Line 2", "Enter Message Text", stat_msg2) as text|null, 40), 1, MAX_MESSAGE_LEN)))
computer.updateDialog()
// OMG CENTCOMM LETTERHEAD