diff options
author | Kahrl <kahrl@gmx.net> | 2014-12-08 07:47:51 +0100 |
---|---|---|
committer | Kahrl <kahrl@gmx.net> | 2014-12-08 07:48:51 +0100 |
commit | d0be8238074dd15254838e4af12069ff4bef67d2 (patch) | |
tree | e856e8502f4ac314492173abd42de5e239def9ef /builtin/mainmenu/tab_server.lua | |
parent | 2fd3d5202051e03303ac2b8e76976a7c4c8477f3 (diff) | |
download | minetest-d0be8238074dd15254838e4af12069ff4bef67d2.tar.gz minetest-d0be8238074dd15254838e4af12069ff4bef67d2.tar.bz2 minetest-d0be8238074dd15254838e4af12069ff4bef67d2.zip |
Always escape user provided data in mainmenu fields
Diffstat (limited to 'builtin/mainmenu/tab_server.lua')
-rw-r--r-- | builtin/mainmenu/tab_server.lua | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/builtin/mainmenu/tab_server.lua b/builtin/mainmenu/tab_server.lua index 154a54cc7..34706efbe 100644 --- a/builtin/mainmenu/tab_server.lua +++ b/builtin/mainmenu/tab_server.lua @@ -36,20 +36,20 @@ local function get_formspec(tabview, name, tabdata) "checkbox[0.5,1.15;cb_server_announce;".. fgettext("Public") .. ";" .. dump(core.setting_getbool("server_announce")) .. "]".. "field[0.8,3.2;3.5,0.5;te_playername;".. fgettext("Name") .. ";" .. - core.setting_get("name") .. "]" .. + core.formspec_escape(core.setting_get("name")) .. "]" .. "pwdfield[0.8,4.2;3.5,0.5;te_passwd;".. fgettext("Password") .. "]" local bind_addr = core.setting_get("bind_address") if bind_addr ~= nil and bind_addr ~= "" then retval = retval .. "field[0.8,5.2;2.25,0.5;te_serveraddr;".. fgettext("Bind Address") .. ";" .. - core.setting_get("bind_address") .."]" .. + core.formspec_escape(core.setting_get("bind_address")) .."]" .. "field[3.05,5.2;1.25,0.5;te_serverport;".. fgettext("Port") .. ";" .. - core.setting_get("port") .."]" + core.formspec_escape(core.setting_get("port")) .."]" else retval = retval .. "field[0.8,5.2;3.5,0.5;te_serverport;".. fgettext("Server Port") .. ";" .. - core.setting_get("port") .."]" + core.formspec_escape(core.setting_get("port")) .."]" end retval = retval .. |