From: Michael Andreen <harv@ruin.nu>
Date: Sat, 20 Sep 2008 09:21:13 +0000 (+0200)
Subject: Escape shiptypes
X-Git-Url: https://ruin.nu/git/%3CTMPL_VAR%20NAME=PAGE%3E?a=commitdiff_plain;h=d0625f3ae0d3c4d9b64a52f2632d9a1d568e98aa;p=NDIRC.git

Escape shiptypes
---

diff --git a/Def.pm b/Def.pm
index e9647d6..9e7f53c 100644
--- a/Def.pm
+++ b/Def.pm
@@ -23,6 +23,7 @@ use ND::DB;
 use ND::Include;
 use NDIRC::Access;
 use NDIRC::Misc;
+use CGI qw/:standard/;
 require Exporter;
 
 our @ISA = qw/Exporter/;
@@ -108,6 +109,7 @@ sub setType {
 				});
 			$fleet->execute($id);
 		}	
+		$type = escapeHTML($type);
 		while (my ($id,$call,$oldtype,$coords,$tick) = $fleet->fetchrow()){
 			if($ND::DBH->do(q{UPDATE incomings SET shiptype = ? WHERE id = ?},undef,$type,$id) == 1){
 				def_log $user->{uid}, $call , "Set fleet: [B] $id [/B] to: [B] $type [/B]";