From 3f78fdc7bce57985c3e144cd4cb1e4af041d4cee Mon Sep 17 00:00:00 2001 From: Lucy Date: Tue, 10 Dec 2024 17:21:19 -0500 Subject: [PATCH 1/2] fix some double-encodes in plexora/tgs stuff --- code/modules/admin/verbs/adminhelp.dm | 5 ++--- monkestation/code/modules/mentor/mentor_pm.dm | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/code/modules/admin/verbs/adminhelp.dm b/code/modules/admin/verbs/adminhelp.dm index 73d8ef375b98..b50cec1c004c 100644 --- a/code/modules/admin/verbs/adminhelp.dm +++ b/code/modules/admin/verbs/adminhelp.dm @@ -252,7 +252,7 @@ GLOBAL_DATUM_INIT(ahelp_tickets, /datum/admin_help_tickets, new) else SSplexora.aticket_new(src, msg_raw, is_bwoink, urgent) // monkestation edit: PLEXORA MessageNoRecipient(msg_raw, urgent) - send_message_to_tgs(msg, urgent) + send_message_to_tgs(trim(msg_raw, MAX_MESSAGE_LEN), urgent) GLOB.ahelp_tickets.active_tickets += src /datum/admin_help/proc/format_embed_discord(message) @@ -798,8 +798,7 @@ GLOBAL_DATUM_INIT(admin_help_ui_handler, /datum/admin_help_ui_handler, new) if(user_client.current_ticket) user_client.current_ticket.TimeoutVerb() if(urgent) - var/sanitized_message = sanitize(copytext_char(message, 1, MAX_MESSAGE_LEN)) - user_client.current_ticket.send_message_to_tgs(sanitized_message, urgent = TRUE) + user_client.current_ticket.send_message_to_tgs(trim(message, MAX_MESSAGE_LEN), urgent = TRUE) user_client.current_ticket.MessageNoRecipient(message, urgent) return diff --git a/monkestation/code/modules/mentor/mentor_pm.dm b/monkestation/code/modules/mentor/mentor_pm.dm index f886844b972f..a7cbed53de1f 100644 --- a/monkestation/code/modules/mentor/mentor_pm.dm +++ b/monkestation/code/modules/mentor/mentor_pm.dm @@ -146,7 +146,7 @@ html = "Mentor PM to-[key_name_mentor(chosen_client, chosen_client, TRUE, FALSE)]: [msg]", confidential = TRUE) var/datum/request/request = GLOB.mentor_requests.requests[chosen_client.ckey][length(GLOB.mentor_requests.requests[chosen_client.ckey])] - SSplexora.mticket_pm(request, src.mob, chosen_client.mob, msg) + SSplexora.mticket_pm(request, src.mob, chosen_client.mob, html_decode(msg)) From 448af95f0144e375c1b2ee1d26a1fa2789eb6a07 Mon Sep 17 00:00:00 2001 From: Lucy Date: Tue, 10 Dec 2024 17:26:15 -0500 Subject: [PATCH 2/2] safer this way --- code/__HELPERS/text.dm | 6 ++++-- code/modules/admin/verbs/adminhelp.dm | 5 +++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/code/__HELPERS/text.dm b/code/__HELPERS/text.dm index 3b9100aa68f0..19025d825242 100644 --- a/code/__HELPERS/text.dm +++ b/code/__HELPERS/text.dm @@ -34,9 +34,11 @@ /// Runs byond's html encoding sanitization proc, after replacing new-lines and tabs for the # character. -/proc/sanitize(text) +/proc/sanitize(text, encode = TRUE) var/static/regex/regex = regex(@"[\n\t]", "g") - return html_encode(regex.Replace(text, "#")) + . = replacetext(text, regex, "#") + if(encode) + return html_encode(.) /// Runs STRIP_HTML_SIMPLE and sanitize. diff --git a/code/modules/admin/verbs/adminhelp.dm b/code/modules/admin/verbs/adminhelp.dm index b50cec1c004c..dc0a72d7f7d5 100644 --- a/code/modules/admin/verbs/adminhelp.dm +++ b/code/modules/admin/verbs/adminhelp.dm @@ -252,7 +252,7 @@ GLOBAL_DATUM_INIT(ahelp_tickets, /datum/admin_help_tickets, new) else SSplexora.aticket_new(src, msg_raw, is_bwoink, urgent) // monkestation edit: PLEXORA MessageNoRecipient(msg_raw, urgent) - send_message_to_tgs(trim(msg_raw, MAX_MESSAGE_LEN), urgent) + send_message_to_tgs(html_decode(msg), urgent) GLOB.ahelp_tickets.active_tickets += src /datum/admin_help/proc/format_embed_discord(message) @@ -798,7 +798,8 @@ GLOBAL_DATUM_INIT(admin_help_ui_handler, /datum/admin_help_ui_handler, new) if(user_client.current_ticket) user_client.current_ticket.TimeoutVerb() if(urgent) - user_client.current_ticket.send_message_to_tgs(trim(message, MAX_MESSAGE_LEN), urgent = TRUE) + var/sanitized_message = sanitize(trim(message, MAX_MESSAGE_LEN), encode = FALSE) + user_client.current_ticket.send_message_to_tgs(sanitized_message, urgent = TRUE) user_client.current_ticket.MessageNoRecipient(message, urgent) return