From c0c6fcf00b7da9ae179ae070664b0655c10c37c5 Mon Sep 17 00:00:00 2001
From: Blockhead <?>
Date: Sat, 4 Jan 2020 18:33:57 +0100
Subject: Apply minetest.formspec_escape() to prevent formspec injection
 (H#143)

---
 advtrains_line_automation/stoprail.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'advtrains_line_automation')

diff --git a/advtrains_line_automation/stoprail.lua b/advtrains_line_automation/stoprail.lua
index 0db474f..0990876 100644
--- a/advtrains_line_automation/stoprail.lua
+++ b/advtrains_line_automation/stoprail.lua
@@ -58,7 +58,7 @@ local function show_stoprailform(pos, player)
 	form = form.."dropdown[0.5,3;2;doors;Left,Right,Closed;"..door_dropdown[stdata.doors].."]"
 	form = form.."dropdown[3,3;1.5;reverse;---,Reverse;"..(stdata.reverse and 2 or 1).."]"
 	
-	form = form.."field[5,3.5;2,1;track;"..attrans("Track")..";"..stdata.track.."]"
+	form = form.."field[5,3.5;2,1;track;"..attrans("Track")..";"..minetest.formspec_escape(stdata.track).."]"
 	form = form.."field[5,4.5;2,1;wait;"..attrans("Stop Time")..";"..stdata.wait.."]"
 	
 	form = form.."textarea[0.5,4;4,2;ars;Trains stopping here (ARS rules);"..advtrains.interlocking.ars_to_text(stdata.ars).."]"
-- 
cgit v1.2.3