mod panel security concern
parent
a423c05a80
commit
bfcc39040b
|
|
@ -6615,6 +6615,14 @@ function cleanOutput($t, $linebreaks=true) {
|
||||||
return filterText($t);
|
return filterText($t);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function cleanOutputNoFilter($t, $linebreaks=true) {
|
||||||
|
$t = htmlentities($t);
|
||||||
|
if ($linebreaks) {
|
||||||
|
$t = nl2br($t);
|
||||||
|
}
|
||||||
|
return strip_tags($t, '<br>');
|
||||||
|
}
|
||||||
|
|
||||||
//theme stuff
|
//theme stuff
|
||||||
function setTheme($theme) //sets the users theme
|
function setTheme($theme) //sets the users theme
|
||||||
{
|
{
|
||||||
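Review bot: `htmlentities($t)` in `cleanOutputNoFilter` is called without flags or an encoding, so what it escapes depends on the PHP version and on `default_charset`. Before PHP 8.1 the default flag is `ENT_COMPAT`, which leaves single quotes unencoded, and an invalid byte sequence makes the call return an empty string, which would blank the very text a moderator is trying to read. I would pin it: `$t = htmlentities((string)$t, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The `strip_tags($t, '<br>')` that follows has no markup left to remove once every `<` is encoded, so it should either go or get a comment saying why it stays. A short docblock would also help callers, stating that the return value is HTML-safe text with `<br />` line breaks and must not be escaped a second time.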
|
|
|
||||||
|
|
@ -74,13 +74,13 @@ foreach($messages as $message)
|
||||||
{
|
{
|
||||||
$userid = $message['whoSent'];
|
$userid = $message['whoSent'];
|
||||||
$gameAssetId = $message['gameAssetId'];
|
$gameAssetId = $message['gameAssetId'];
|
||||||
$loggedMessage = $message['message'];
|
$loggedMessage = cleanOutputNoFilter($message['message']);
|
||||||
$whenlogged = date("m/d/Y", $message['whenSent']);
|
$whenlogged = date("m/d/Y", $message['whenSent']);
|
||||||
$loggedMessages = array(
|
$loggedMessages = array(
|
||||||
"userid" => $userid,
|
"userid" => $userid,
|
||||||
"username" => getUsername($userid),
|
"username" => cleanOutputNoFilter(getUsername($userid)),
|
||||||
"thumbnail" => getPlayerRender($userid),
|
"thumbnail" => getPlayerRender($userid),
|
||||||
"placeName" => getAssetInfo($gameAssetId)->Name,
|
"placeName" => cleanOutputNoFilter(getAssetInfo($gameAssetId)->Name),
|
||||||
"placeId" => $gameAssetId,
|
"placeId" => $gameAssetId,
|
||||||
"message" => $loggedMessage,
|
"message" => $loggedMessage,
|
||||||
"date" => $whenlogged
|
"date" => $whenlogged
|
||||||
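Review bot: `userid` and `placeId` still go into the row exactly as they come out of `$message`, while every text field around them is now escaped. If those columns are always integers nothing changes, but casting here, `$userid = (int)$message['whoSent'];` and `$gameAssetId = (int)$message['gameAssetId'];`, makes the row safe without relying on a schema that is not visible in this hunk. `username` and `placeName` are single-line values, so passing `false` as the second argument, e.g. `cleanOutputNoFilter(getUsername($userid), false)`, avoids `<br />` being inserted into them. The foreach body starts and ends outside the hunk.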
|
|
|
||||||
|
|
@ -61,8 +61,8 @@ foreach($assets as $asset)
|
||||||
$assetid = $asset['id'];
|
$assetid = $asset['id'];
|
||||||
$creatorid = $asset['CreatorId'];
|
$creatorid = $asset['CreatorId'];
|
||||||
$assettypeid = $asset['AssetTypeId'];
|
$assettypeid = $asset['AssetTypeId'];
|
||||||
$name = cleanOutput($asset['Name']);
|
$name = cleanOutputNoFilter($asset['Name']);
|
||||||
$desc = cleanOutput($asset['Description']); //description of the game
|
$desc = cleanOutputNoFilter($asset['Description']); //description of the game
|
||||||
$creatorname = getUsername($creatorid); //creator of the game username
|
$creatorname = getUsername($creatorid); //creator of the game username
|
||||||
$image = "";
|
$image = "";
|
||||||
if ($assettypeid == 2|| $assettypeid == 11 || $assettypeid == 12) { //tshirts, shirts and pants
|
if ($assettypeid == 2|| $assettypeid == 11 || $assettypeid == 12) { //tshirts, shirts and pants
|
||||||
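Review bot: `$creatorname = getUsername($creatorid);` is left unescaped here, although the message-log hunk of this same commit wraps the same call in `cleanOutputNoFilter()`. The same gap remains in the report hunk (`$username = (string)getUsername($userid);`) and the ban hunk (`$bannedusername = getUsername($bannedplayer['uid']);`). Whether a username can carry markup depends on registration-time validation that is not visible on this page, so it is safer for the panel to treat it like the other text fields: `$creatorname = cleanOutputNoFilter(getUsername($creatorid), false);`. If any of these consumers already escapes on output, check that the value is not encoded twice.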
|
|
|
||||||
|
|
@ -41,8 +41,8 @@ if ($validXML) {
|
||||||
$commentdata = explode(";", $ParsedXML->comment);
|
$commentdata = explode(";", $ParsedXML->comment);
|
||||||
|
|
||||||
$abuserid = (int)filter_var($commentdata[0], FILTER_SANITIZE_NUMBER_INT);
|
$abuserid = (int)filter_var($commentdata[0], FILTER_SANITIZE_NUMBER_INT);
|
||||||
$reportreason = (string)trim($commentdata[1]);
|
$reportreason = (string)cleanOutputNoFilter(trim($commentdata[1]));
|
||||||
$reportdescription = (string)$commentdata[2];
|
$reportdescription = (string)cleanOutputNoFilter($commentdata[2]);
|
||||||
|
|
||||||
$chats = $ParsedXML->xpath('//message');
|
$chats = $ParsedXML->xpath('//message');
|
||||||
|
|
||||||
|
|
@ -58,7 +58,7 @@ if ($validXML) {
|
||||||
foreach($chats as $chat) {
|
foreach($chats as $chat) {
|
||||||
$userid = (int)$chat['userID'];
|
$userid = (int)$chat['userID'];
|
||||||
$username = (string)getUsername($userid);
|
$username = (string)getUsername($userid);
|
||||||
$userchat = (string)$chat;
|
$userchat = (string)cleanOutputNoFilter($chat);
|
||||||
|
|
||||||
$chatData = array(
|
$chatData = array(
|
||||||
"username" => $username,
|
"username" => $username,
|
||||||
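Review bot: `$commentdata[1]` and `$commentdata[2]` are now passed straight into `cleanOutputNoFilter()`, but nothing checks that `explode(";", $ParsedXML->comment)` actually produced three parts. A report whose comment has fewer separators raises an undefined-index warning and hands `null` to `htmlentities()`. A description that itself contains `;` is silently cut at that point, so the moderator sees only part of it. Limiting the split and defaulting the parts covers both cases: `$commentdata = explode(";", (string)$ParsedXML->comment, 3);` followed by `cleanOutputNoFilter(trim($commentdata[1] ?? ''))` and `cleanOutputNoFilter($commentdata[2] ?? '')`. The `if ($validXML)` block starts and ends outside the hunk.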
|
|
|
||||||
|
|
@ -85,7 +85,7 @@ if ($b->rowCount() > 0)
|
||||||
{
|
{
|
||||||
$banneddate = date("m/d/Y", $bannedplayer['whenBanned']);
|
$banneddate = date("m/d/Y", $bannedplayer['whenBanned']);
|
||||||
$bannedusername = getUsername($bannedplayer['uid']);
|
$bannedusername = getUsername($bannedplayer['uid']);
|
||||||
$bannedreason = cleanOutput($bannedplayer['banReason']);
|
$bannedreason = cleanOutputNoFilter($bannedplayer['banReason']);
|
||||||
$bannedExpiration = (int)$bannedplayer['banExpiration'];
|
$bannedExpiration = (int)$bannedplayer['banExpiration'];
|
||||||
$bannedType = (int)$bannedplayer['banType'];
|
$bannedType = (int)$bannedplayer['banType'];
|
||||||
|
|
||||||
|
|
|
||||||