From 20cf4748864269a56c385137163c9a54139df40d Mon Sep 17 00:00:00 2001 From: Zefram Date: Tue, 29 Apr 2014 17:53:43 +0100 Subject: [PATCH] Fix formspec injection issues --- bags.lua | 8 ++++---- internal.lua | 2 +- register.lua | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bags.lua b/bags.lua index 34533a2..dce1b3b 100644 --- a/bags.lua +++ b/bags.lua @@ -13,10 +13,10 @@ unified_inventory.register_page("bags", { formspec = formspec.."button[4,2;2,0.5;bag3;Bag 3]" formspec = formspec.."button[6,2;2,0.5;bag4;Bag 4]" formspec = formspec.."listcolors[#00000000;#00000000]" - formspec = formspec.."list[detached:"..player_name.."_bags;bag1;0.5,1;1,1;]" - formspec = formspec.."list[detached:"..player_name.."_bags;bag2;2.5,1;1,1;]" - formspec = formspec.."list[detached:"..player_name.."_bags;bag3;4.5,1;1,1;]" - formspec = formspec.."list[detached:"..player_name.."_bags;bag4;6.5,1;1,1;]" + formspec = formspec.."list[detached:"..minetest.formspec_escape(player_name).."_bags;bag1;0.5,1;1,1;]" + formspec = formspec.."list[detached:"..minetest.formspec_escape(player_name).."_bags;bag2;2.5,1;1,1;]" + formspec = formspec.."list[detached:"..minetest.formspec_escape(player_name).."_bags;bag3;4.5,1;1,1;]" + formspec = formspec.."list[detached:"..minetest.formspec_escape(player_name).."_bags;bag4;6.5,1;1,1;]" return {formspec=formspec} end, }) diff --git a/internal.lua b/internal.lua index 3696cfc..b352cdb 100644 --- a/internal.lua +++ b/internal.lua @@ -76,7 +76,7 @@ function unified_inventory.get_formspec(player, page) formspec = formspec.."label[8.2,0;Page:]" formspec = formspec.."label[9,0;"..page.." of "..pagemax.."]" formspec = formspec.."label[8.2,0.4;Filter:]" - formspec = formspec.."label[9,0.4;"..unified_inventory.activefilter[player_name].."]" + formspec = formspec.."label[9,0.4;"..minetest.formspec_escape(unified_inventory.activefilter[player_name]).."]" return formspec end diff --git a/register.lua b/register.lua index 7725aaa..f56ed97 100644 --- a/register.lua +++ b/register.lua @@ -128,7 +128,7 @@ unified_inventory.register_page("craft", { formspec = formspec.."list[detached:trash;main;7,3;1,1;]" if unified_inventory.is_creative(player_name) then formspec = formspec.."label[0,2.5;Refill:]" - formspec = formspec.."list[detached:"..player_name.."refill;main;0,3;1,1;]" + formspec = formspec.."list[detached:"..minetest.formspec_escape(player_name).."refill;main;0,3;1,1;]" end return {formspec=formspec} end, @@ -141,12 +141,12 @@ unified_inventory.register_page("craftguide", { formspec = formspec.."background[0,4.5;8,4;ui_main_inventory.png]" formspec = formspec.."label[0,0;Crafting Guide]" formspec = formspec.."listcolors[#00000000;#00000000]" - formspec = formspec.."list[detached:"..player_name.."craftrecipe;output;6,1;1,1;]" + formspec = formspec.."list[detached:"..minetest.formspec_escape(player_name).."craftrecipe;output;6,1;1,1;]" formspec = formspec.."label[6,3.35;Method:]" local item_name = unified_inventory.current_item[player_name] local craft = nil if item_name then - formspec = formspec.."textarea[0.3,0.6;10,1;;Result: "..item_name..";]" + formspec = formspec.."textarea[0.3,0.6;10,1;;Result: "..minetest.formspec_escape(item_name)..";]" local alternates = 0 local alternate = unified_inventory.alternate[player_name] local crafts = unified_inventory.crafts_table[item_name]