From c0c6fcf00b7da9ae179ae070664b0655c10c37c5 Mon Sep 17 00:00:00 2001
From: Blockhead <?>
Date: Sat, 4 Jan 2020 18:33:57 +0100
Subject: Apply minetest.formspec_escape() to prevent formspec injection
 (H#143)

---
 advtrains_luaautomation/pcnaming.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'advtrains_luaautomation/pcnaming.lua')

diff --git a/advtrains_luaautomation/pcnaming.lua b/advtrains_luaautomation/pcnaming.lua
index 427585d..ebb769f 100644
--- a/advtrains_luaautomation/pcnaming.lua
+++ b/advtrains_luaautomation/pcnaming.lua
@@ -52,7 +52,7 @@ minetest.register_craftitem("advtrains_luaautomation:pcnaming",{
 						pn=name
 					end
 				end
-				minetest.show_formspec(pname, "atlatc_naming_"..minetest.pos_to_string(pos), "field[pn;Set name of component (empty to clear);"..pn.."]")
+				minetest.show_formspec(pname, "atlatc_naming_"..minetest.pos_to_string(pos), "field[pn;Set name of component (empty to clear);"..minetest.formspec_escape(pn).."]")
 			end
 		end
 	end,
-- 
cgit v1.2.3