Merge commit from fork

* sanitize ->title and ->title * Resolves unsanitised player input --------- Co-authored-by: Singe-Horizontal <[email protected]>
rathena · Sep 16, 2024 · 43c61e8 · 43c61e8
1 parent 84f6d51
commit 43c61e8
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/themes/default/buyingstore/index.php b/themes/default/buyingstore/index.php
@@ -36,9 +36,9 @@
 					<td>
 					  <img src="<?php echo $this->iconImage(671) ?>?nocache=<?php echo rand() ?>" />
 					 <?php if ($auth->actionAllowed('buyingstore', 'viewshop')): ?>
-							<a href="<?php echo $this->url('buyingstore', 'viewshop', array("id" => $store->id)); ?>"><?php echo $store->title; ?></a>
+							<a href="<?php echo $this->url('buyingstore', 'viewshop', array("id" => $store->id)); ?>"><?php echo htmlspecialchars($store->title); ?></a>
 						<?php else: ?>
-							<?php echo $store->title ?>
+							<?php echo htmlspecialchars($store->title) ?>
 						<?php endif ?>
 					</td>
 

diff --git a/themes/default/buyingstore/viewshop.php b/themes/default/buyingstore/viewshop.php
@@ -1,7 +1,7 @@
 <?php if (!defined('FLUX_ROOT')) exit; ?>
 <h2><?php echo htmlspecialchars($title); ?></h2>
 <?php if ($store): ?>
-	<h3 style="text-align:right; margin:0; padding:0;font-style: italic"><img style="position:relative;top:7px;" src="<?php echo $this->iconImage(671) ?>?nocache=<?php echo rand() ?>" /> <?php echo $store->title ?> </h3>
+	<h3 style="text-align:right; margin:0; padding:0;font-style: italic"><img style="position:relative;top:7px;" src="<?php echo $this->iconImage(671) ?>?nocache=<?php echo rand() ?>" /> <?php echo htmlspecialchars($store->title) ?> </h3>
 	<h4 style="text-align:right; color:blue; margin:0; margin-bottom:15px; "> <?php echo $store->map; ?>, <?php echo $store->x; ?>, <?php echo $store->y; ?> </h4>
 
 	<?php if ($items): ?>

diff --git a/themes/default/vending/index.php b/themes/default/vending/index.php
@@ -30,9 +30,9 @@
                     <td>
                        <img src="<?php echo $this->iconImage(671) ?>?nocache=<?php echo rand() ?>" />
                       <?php if ($auth->actionAllowed('vending', 'viewshop')): ?>
-                            <a href="<?php echo $this->url('vending', 'viewshop', array("id" => $vending->id)); ?>"><?php echo $vending->title; ?></a>
+                            <a href="<?php echo $this->url('vending', 'viewshop', array("id" => $vending->id)); ?>"><?php echo htmlspecialchars($vending->title); ?></a>
                         <?php else: ?>
-                            <?php echo $vending->title ?>
+                            <?php echo htmlspecialchars($vending->title) ?>
                         <?php endif ?>
                     </td>
 

diff --git a/themes/default/vending/viewshop.php b/themes/default/vending/viewshop.php
@@ -1,7 +1,7 @@
 <?php if (!defined('FLUX_ROOT')) exit; ?>
 <h2><?php echo htmlspecialchars($title); ?></h2>
 <?php if ($vending): ?>
-    <h3 style="text-align:right; margin:0; padding:0;font-style: italic"><img style="position:relative;top:7px;" src="<?php echo $this->iconImage(671) ?>?nocache=<?php echo rand() ?>" /> <?php echo $vending->title ?> </h3>
+    <h3 style="text-align:right; margin:0; padding:0;font-style: italic"><img style="position:relative;top:7px;" src="<?php echo $this->iconImage(671) ?>?nocache=<?php echo rand() ?>" /> <?php echo htmlspecialchars($vending->title) ?> </h3>
     <h4 style="text-align:right; color:blue; margin:0; margin-bottom:15px; "> <?php echo $vending->map; ?>, <?php echo $vending->x; ?>, <?php echo $vending->y; ?> </h4>
 
     <?php if ($vending_items): ?>