From a1aca0e150593c450f0d0544be7115814b53c754 Mon Sep 17 00:00:00 2001 From: Pragmatic Software Date: Thu, 23 Nov 2017 15:19:28 -0800 Subject: [PATCH] Quote grabs export: Escape HTML entities for channel --- PBot/Plugins/Quotegrabs.pm | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/PBot/Plugins/Quotegrabs.pm b/PBot/Plugins/Quotegrabs.pm index 16f7582d..6e778380 100644 --- a/PBot/Plugins/Quotegrabs.pm +++ b/PBot/Plugins/Quotegrabs.pm @@ -19,6 +19,7 @@ use Getopt::Long qw(GetOptionsFromString); use PBot::Plugins::Quotegrabs::Quotegrabs_SQLite; # use SQLite backend for quotegrabs database #use PBot::Plugins::Quotegrabs::Quotegrabs_Hashtable; # use Perl hashtable backend for quotegrabs database +use PBot::Utils::ValidateString; use POSIX qw(strftime); @@ -77,7 +78,7 @@ sub export_quotegrabs { my $last_channel = ""; foreach my $quotegrab (sort { $$a{channel} cmp $$b{channel} or $$a{nick} cmp $$b{nick} } @$quotegrabs) { if(not $quotegrab->{channel} =~ /^$last_channel$/i) { - print FILE "" . encode_entities($quotegrab->{channel}) . "
\n"; + print FILE "" . encode_entities($quotegrab->{channel}) . "
\n"; $last_channel = $quotegrab->{channel}; } } @@ -86,8 +87,8 @@ sub export_quotegrabs { foreach my $quotegrab (sort { $$a{channel} cmp $$b{channel} or lc $$a{nick} cmp lc $$b{nick} } @$quotegrabs) { if(not $quotegrab->{channel} =~ /^$last_channel$/i) { print FILE "\n\n" if $had_table; - print FILE "\n"; - print FILE "

$quotegrab->{channel}

\n"; + print FILE "\n"; + print FILE "

" . encode_entities($quotegrab->{channel}) . "

\n"; print FILE "\n"; print FILE "\n\n"; print FILE "\n"; @@ -234,7 +235,7 @@ sub grab_quotegrab { $quotegrab->{channel} = $channel; $quotegrab->{timestamp} = gettimeofday; $quotegrab->{grabbed_by} = "$nick!$user\@$host"; - $quotegrab->{text} = $grab_text; + $quotegrab->{text} = validate_string($grab_text); $quotegrab->{id} = undef; $quotegrab->{id} = $self->{database}->add_quotegrab($quotegrab);
id