Escape shiptypes

diff --git a/Def.pm b/Def.pm
index e9647d6259bf1712911b1dad7251e314dd17e617..9e7f53c76c5bf526b35e9ef61486a0062201e403 100644 (file)
--- a/Def.pm
+++ b/Def.pm
@@ -23,6 +23,7 @@ use ND::DB;
 use ND::Include;
 use NDIRC::Access;
 use NDIRC::Misc;
+use CGI qw/:standard/;
 require Exporter;
 
 our @ISA = qw/Exporter/;
@@ -108,6 +109,7 @@ sub setType {
                                });
                        $fleet->execute($id);
                }       
+               $type = escapeHTML($type);
                while (my ($id,$call,$oldtype,$coords,$tick) = $fleet->fetchrow()){
                        if($ND::DBH->do(q{UPDATE incomings SET shiptype = ? WHERE id = ?},undef,$type,$id) == 1){
                                def_log $user->{uid}, $call , "Set fleet: [B] $id [/B] to: [B] $type [/B]";