From d0625f3ae0d3c4d9b64a52f2632d9a1d568e98aa Mon Sep 17 00:00:00 2001
From: Michael Andreen <harv@ruin.nu>
Date: Sat, 20 Sep 2008 11:21:13 +0200
Subject: [PATCH] Escape shiptypes

---
 Def.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Def.pm b/Def.pm
index e9647d6..9e7f53c 100644
--- a/Def.pm
+++ b/Def.pm
@@ -23,6 +23,7 @@ use ND::DB;
 use ND::Include;
 use NDIRC::Access;
 use NDIRC::Misc;
+use CGI qw/:standard/;
 require Exporter;
 
 our @ISA = qw/Exporter/;
@@ -108,6 +109,7 @@ sub setType {
 				});
 			$fleet->execute($id);
 		}	
+		$type = escapeHTML($type);
 		while (my ($id,$call,$oldtype,$coords,$tick) = $fleet->fetchrow()){
 			if($ND::DBH->do(q{UPDATE incomings SET shiptype = ? WHERE id = ?},undef,$type,$id) == 1){
 				def_log $user->{uid}, $call , "Set fleet: [B] $id [/B] to: [B] $type [/B]";
-- 
2.39.2