aboutsummaryrefslogtreecommitdiff
path: root/builtin/mainmenu
diff options
context:
space:
mode:
authorKahrl <kahrl@gmx.net>2014-12-08 07:47:51 +0100
committerKahrl <kahrl@gmx.net>2014-12-08 07:48:51 +0100
commitd0be8238074dd15254838e4af12069ff4bef67d2 (patch)
treee856e8502f4ac314492173abd42de5e239def9ef /builtin/mainmenu
parent2fd3d5202051e03303ac2b8e76976a7c4c8477f3 (diff)
downloadminetest-d0be8238074dd15254838e4af12069ff4bef67d2.tar.gz
minetest-d0be8238074dd15254838e4af12069ff4bef67d2.tar.bz2
minetest-d0be8238074dd15254838e4af12069ff4bef67d2.zip
Always escape user provided data in mainmenu fields
Diffstat (limited to 'builtin/mainmenu')
-rw-r--r--builtin/mainmenu/tab_multiplayer.lua9
-rw-r--r--builtin/mainmenu/tab_server.lua8
-rw-r--r--builtin/mainmenu/tab_simple_main.lua9
3 files changed, 16 insertions, 10 deletions
diff --git a/builtin/mainmenu/tab_multiplayer.lua b/builtin/mainmenu/tab_multiplayer.lua
index c3a7d921e..b235eaecf 100644
--- a/builtin/mainmenu/tab_multiplayer.lua
+++ b/builtin/mainmenu/tab_multiplayer.lua
@@ -24,8 +24,10 @@ local function get_formspec(tabview, name, tabdata)
"label[1,-0.25;".. fgettext("Favorites:") .. "]"..
"label[1,4.25;".. fgettext("Address/Port") .. "]"..
"label[9,2.75;".. fgettext("Name/Password") .. "]" ..
- "field[1.25,5.25;5.5,0.5;te_address;;" ..core.setting_get("address") .."]" ..
- "field[6.75,5.25;2.25,0.5;te_port;;" ..core.setting_get("remote_port") .."]" ..
+ "field[1.25,5.25;5.5,0.5;te_address;;" ..
+ core.formspec_escape(core.setting_get("address")) .."]" ..
+ "field[6.75,5.25;2.25,0.5;te_port;;" ..
+ core.formspec_escape(core.setting_get("remote_port")) .."]" ..
"checkbox[1,3.6;cb_public_serverlist;".. fgettext("Public Serverlist") .. ";" ..
dump(core.setting_getbool("public_serverlist")) .. "]"
@@ -36,7 +38,8 @@ local function get_formspec(tabview, name, tabdata)
retval = retval ..
"button[9,4.95;2.5,0.5;btn_mp_connect;".. fgettext("Connect") .. "]" ..
- "field[9.3,3.75;2.5,0.5;te_name;;" ..core.setting_get("name") .."]" ..
+ "field[9.3,3.75;2.5,0.5;te_name;;" ..
+ core.formspec_escape(core.setting_get("name")) .."]" ..
"pwdfield[9.3,4.5;2.5,0.5;te_pwd;]" ..
"textarea[9.3,0.25;2.5,2.75;;"
diff --git a/builtin/mainmenu/tab_server.lua b/builtin/mainmenu/tab_server.lua
index 154a54cc7..34706efbe 100644
--- a/builtin/mainmenu/tab_server.lua
+++ b/builtin/mainmenu/tab_server.lua
@@ -36,20 +36,20 @@ local function get_formspec(tabview, name, tabdata)
"checkbox[0.5,1.15;cb_server_announce;".. fgettext("Public") .. ";" ..
dump(core.setting_getbool("server_announce")) .. "]"..
"field[0.8,3.2;3.5,0.5;te_playername;".. fgettext("Name") .. ";" ..
- core.setting_get("name") .. "]" ..
+ core.formspec_escape(core.setting_get("name")) .. "]" ..
"pwdfield[0.8,4.2;3.5,0.5;te_passwd;".. fgettext("Password") .. "]"
local bind_addr = core.setting_get("bind_address")
if bind_addr ~= nil and bind_addr ~= "" then
retval = retval ..
"field[0.8,5.2;2.25,0.5;te_serveraddr;".. fgettext("Bind Address") .. ";" ..
- core.setting_get("bind_address") .."]" ..
+ core.formspec_escape(core.setting_get("bind_address")) .."]" ..
"field[3.05,5.2;1.25,0.5;te_serverport;".. fgettext("Port") .. ";" ..
- core.setting_get("port") .."]"
+ core.formspec_escape(core.setting_get("port")) .."]"
else
retval = retval ..
"field[0.8,5.2;3.5,0.5;te_serverport;".. fgettext("Server Port") .. ";" ..
- core.setting_get("port") .."]"
+ core.formspec_escape(core.setting_get("port")) .."]"
end
retval = retval ..
diff --git a/builtin/mainmenu/tab_simple_main.lua b/builtin/mainmenu/tab_simple_main.lua
index 0724acf87..b48e523f3 100644
--- a/builtin/mainmenu/tab_simple_main.lua
+++ b/builtin/mainmenu/tab_simple_main.lua
@@ -23,14 +23,17 @@ local function get_formspec(tabview, name, tabdata)
retval = retval ..
"label[8,0.5;".. fgettext("Name/Password") .. "]" ..
- "field[0.25,3.25;5.5,0.5;te_address;;" ..core.setting_get("address") .."]" ..
- "field[5.75,3.25;2.25,0.5;te_port;;" ..core.setting_get("remote_port") .."]" ..
+ "field[0.25,3.25;5.5,0.5;te_address;;" ..
+ core.formspec_escape(core.setting_get("address")) .."]" ..
+ "field[5.75,3.25;2.25,0.5;te_port;;" ..
+ core.formspec_escape(core.setting_get("remote_port")) .."]" ..
"checkbox[8,-0.25;cb_public_serverlist;".. fgettext("Public Serverlist") .. ";" ..
render_details .. "]"
retval = retval ..
"button[8,2.5;4,1.5;btn_mp_connect;".. fgettext("Connect") .. "]" ..
- "field[8.75,1.5;3.5,0.5;te_name;;" ..core.setting_get("name") .."]" ..
+ "field[8.75,1.5;3.5,0.5;te_name;;" ..
+ core.formspec_escape(core.setting_get("name")) .."]" ..
"pwdfield[8.75,2.3;3.5,0.5;te_pwd;]"
--favourites