mod panel security concern
parent
a423c05a80
commit
bfcc39040b
|
|
@ -6615,6 +6615,14 @@ function cleanOutput($t, $linebreaks=true) {
|
|||
return filterText($t);
|
||||
}
|
||||
|
||||
function cleanOutputNoFilter($t, $linebreaks=true) {
|
||||
$t = htmlentities($t);
|
||||
if ($linebreaks) {
|
||||
$t = nl2br($t);
|
||||
}
|
||||
return strip_tags($t, '<br>');
|
||||
}
|
||||
|
||||
//theme stuff
|
||||
function setTheme($theme) //sets the users theme
|
||||
{
|
||||
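Review bot: `htmlentities($t)` in `cleanOutputNoFilter` is called without flags or charset, so what gets encoded depends on the PHP version and on `default_charset`; before PHP 8.1 the default flag is `ENT_COMPAT`, which leaves single quotes unencoded, a gap if any of these values is ever placed inside a single-quoted attribute. Passing the arguments explicitly removes that dependence: `$t = htmlentities($t, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. After entity encoding the only tag left in the string is the `<br />` that `nl2br` inserts, so `strip_tags($t, '<br>')` does no work and could be dropped or explained in a comment. A short docblock saying that the function returns HTML-encoded text and skips the `filterText` pass that `cleanOutput` applies would tell callers when to choose it.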
|
|
|
|||
|
|
@ -74,13 +74,13 @@ foreach($messages as $message)
|
|||
{
|
||||
$userid = $message['whoSent'];
|
||||
$gameAssetId = $message['gameAssetId'];
|
||||
$loggedMessage = $message['message'];
|
||||
$loggedMessage = cleanOutputNoFilter($message['message']);
|
||||
$whenlogged = date("m/d/Y", $message['whenSent']);
|
||||
$loggedMessages = array(
|
||||
"userid" => $userid,
|
||||
"username" => getUsername($userid),
|
||||
"username" => cleanOutputNoFilter(getUsername($userid)),
|
||||
"thumbnail" => getPlayerRender($userid),
|
||||
"placeName" => getAssetInfo($gameAssetId)->Name,
|
||||
"placeName" => cleanOutputNoFilter(getAssetInfo($gameAssetId)->Name),
|
||||
"placeId" => $gameAssetId,
|
||||
"message" => $loggedMessage,
|
||||
"date" => $whenlogged
|
||||
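Review bot: The `username` and `placeName` values are encoded with the default `$linebreaks=true`, so a stray newline in either one becomes a `<br />` inside a single-line field; passing `false` keeps the line-break conversion to the message body, e.g. `"username" => cleanOutputNoFilter(getUsername($userid), false),`. The array is built inside a `foreach` whose end is outside the hunk, so where it is rendered is not visible here. Because the values are now entity-encoded at this point, a comment such as `// values are HTML-encoded here; do not encode again when rendering` above the array would help the consumer avoid double encoding.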
|
|
|
|||
|
|
@ -61,8 +61,8 @@ foreach($assets as $asset)
|
|||
$assetid = $asset['id'];
|
||||
$creatorid = $asset['CreatorId'];
|
||||
$assettypeid = $asset['AssetTypeId'];
|
||||
$name = cleanOutput($asset['Name']);
|
||||
$desc = cleanOutput($asset['Description']); //description of the game
|
||||
$name = cleanOutputNoFilter($asset['Name']);
|
||||
$desc = cleanOutputNoFilter($asset['Description']); //description of the game
|
||||
$creatorname = getUsername($creatorid); //creator of the game username
|
||||
$image = "";
|
||||
if ($assettypeid == 2|| $assettypeid == 11 || $assettypeid == 12) { //tshirts, shirts and pants
|
||||
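Review bot: `$creatorname = getUsername($creatorid);` is still assigned without encoding, while this commit wraps the same call in the chat-log hunk (`"username" => cleanOutputNoFilter(getUsername($userid))`). Unless `getUsername` already returns encoded text or the value is encoded where it is printed (neither is visible here), the creator name should get the same treatment: `$creatorname = cleanOutputNoFilter(getUsername($creatorid), false);`. The same applies to `$username = (string)getUsername($userid);` in the `foreach($chats as $chat)` hunk and to `$bannedusername = getUsername($bannedplayer['uid']);` in the `if ($b->rowCount() > 0)` hunk. The enclosing `foreach($assets as $asset)` continues outside this hunk.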
|
|
|
|||
|
|
@ -41,8 +41,8 @@ if ($validXML) {
|
|||
$commentdata = explode(";", $ParsedXML->comment);
|
||||
|
||||
$abuserid = (int)filter_var($commentdata[0], FILTER_SANITIZE_NUMBER_INT);
|
||||
$reportreason = (string)trim($commentdata[1]);
|
||||
$reportdescription = (string)$commentdata[2];
|
||||
$reportreason = (string)cleanOutputNoFilter(trim($commentdata[1]));
|
||||
$reportdescription = (string)cleanOutputNoFilter($commentdata[2]);
|
||||
|
||||
$chats = $ParsedXML->xpath('//message');
|
||||
|
||||
|
|
@ -58,7 +58,7 @@ if ($validXML) {
|
|||
foreach($chats as $chat) {
|
||||
$userid = (int)$chat['userID'];
|
||||
$username = (string)getUsername($userid);
|
||||
$userchat = (string)$chat;
|
||||
$userchat = (string)cleanOutputNoFilter($chat);
|
||||
|
||||
$chatData = array(
|
||||
"username" => $username,
|
||||
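Review bot: `$commentdata[1]` and `$commentdata[2]` are read without checking how many parts `explode(";", $ParsedXML->comment)` produced, so a report comment with fewer than two semicolons passes null into `trim`/`cleanOutputNoFilter` (an undefined-index warning, plus a deprecation notice on PHP 8.1+), and a description that itself contains `;` is cut off at the first one. Limiting the split and defaulting the parts covers both cases: `$commentdata = explode(";", (string)$ParsedXML->comment, 3);` and `$reportdescription = cleanOutputNoFilter($commentdata[2] ?? '');`. In the second hunk `cleanOutputNoFilter($chat)` receives the SimpleXMLElement itself; casting first, `cleanOutputNoFilter((string)$chat)`, makes the conversion explicit. Both hunks sit inside `if ($validXML) {`, which starts outside the visible lines.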
|
|
|
|||
|
|
@ -85,7 +85,7 @@ if ($b->rowCount() > 0)
|
|||
{
|
||||
$banneddate = date("m/d/Y", $bannedplayer['whenBanned']);
|
||||
$bannedusername = getUsername($bannedplayer['uid']);
|
||||
$bannedreason = cleanOutput($bannedplayer['banReason']);
|
||||
$bannedreason = cleanOutputNoFilter($bannedplayer['banReason']);
|
||||
$bannedExpiration = (int)$bannedplayer['banExpiration'];
|
||||
$bannedType = (int)$bannedplayer['banType'];
|
||||
|
||||
|
|
|
|||