From c8aeec815a4c5764d3202c555b7e88373245a764 Mon Sep 17 00:00:00 2001 From: ktccd Date: Sun, 24 Sep 2017 10:15:02 +0200 Subject: [PATCH] Adds sanitation to flavor_text (#2926) Exactly what it sounds like. Boy, my security skills are shit, for someone who's supposed to be studying exactly this shit at uni, isn't it? --- code/modules/client/preferences.dm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code/modules/client/preferences.dm b/code/modules/client/preferences.dm index 1df28192db..a127e7608f 100644 --- a/code/modules/client/preferences.dm +++ b/code/modules/client/preferences.dm @@ -170,7 +170,7 @@ GLOBAL_LIST_EMPTY(preferences_datums) var/parallax var/uplink_spawn_loc = UPLINK_PDA - + var/list/exp var/list/menuoptions @@ -922,7 +922,7 @@ GLOBAL_LIST_EMPTY(preferences_datums) if("flavor_text") var/msg = input(usr,"Set the flavor text in your 'examine' verb. This can also be used for OOC notes and preferences!","Flavor Text",html_decode(features["flavor_text"])) as message if(msg != null) - msg = copytext(msg, 1, MAX_MESSAGE_LEN) + msg = sanitize(copytext(msg, 1, MAX_MESSAGE_LEN)) msg = html_encode(msg) features["flavor_text"] = msg