Update confirm.php

2022-04-05 10:19:17 +02:00 · 2022-04-05 10:19:17 +02:00 · b0d00d2b38
commit b0d00d2b38
parent 5b272d2761
1 changed files with 29 additions and 22 deletions
--- a/confirm.php
+++ b/confirm.php
@ -1,6 +1,13 @@
 <body>
 <html>
 <?php
+
+public function removeBrackets($input)
+{
+  $output = str_replace('"', "'", $input)
+  return $output
+}
+
 if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
  echo 'VALID FILENAME';

@ -15,11 +22,11 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
  #

  # This is the color defined by https://materializecss.com/color.html
-  $f_color = $_POST['rolecolor']." ".$_POST['rolestrength']."-".$_POST['rolemod'];
+  $f_color = removeBrackets($_POST['rolecolor']." ".$_POST['rolestrength']."-".$_POST['rolemod']);
  fwrite($rolefile, '$color = "'.$f_color.'"'.PHP_EOL);

  # Text Color
-  $f_tcolor = $_POST['tcolor'];
+  $f_tcolor = removeBrackets($_POST['tcolor']);
  fwrite($rolefile, '$tcolor = '.$f_tcolor.PHP_EOL);


@ -28,12 +35,12 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
  #

  #The Name of the Role
-  $f_name = $_POST['rolename'];
-  fwrite($rolefile, '$name = '.$f_name.PHP_EOL);
+  $f_name = removeBrackets($_POST['rolename']);
+  fwrite($rolefile, '$name = "'.$f_name.PHP_EOL);

  #The Description of the Role, HTML conform :)
-  $f_description = $_POST['roledesc'];
-  fwrite($rolefile,'$description = '. $f_description.PHP_EOL);
+  $f_description = removeBrackets($_POST['roledesc']);
+  fwrite($rolefile,'$description = "'. $f_description.PHP_EOL);



@ -43,13 +50,13 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
  #

  #How To play
-  $f_howtoplay = $_POST['howtoplay'];
-  fwrite($rolefile, '$howtoplay = '.$f_howtoplay.PHP_EOL);
+  $f_howtoplay = removeBrackets($_POST['howtoplay']);
+  fwrite($rolefile, '$howtoplay = "'.$f_howtoplay.PHP_EOL);

  #With what roles does this role play best?
  fwrite($rolefile, '$playsbestwith = "<ul>'.PHP_EOL);

-    foreach($_POST['goodRoles'] as $selectedOption) {
+    foreach($_POST['goodRoles'] as removeBrackets($selectedOption)) {
    fwrite($rolefile, '<li>'.$selectedOption.'</li>'.PHP_EOL);
  };
  fwrite($rolefile, '</ul>;"'.PHP_EOL);
@ -57,10 +64,10 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){

  #Convars
  $f_convars = '$convars = "Normal Role Convars (also found in ULX):
-  <code>'.$_POST['gconvars'].'</code>
+  <code>'.removeBrackets($_POST['gconvars'].'</code>

  Rolespecific Convars:
-  <code>'.$_POST['cconvars'].'</code>"';
+  <code>'.removeBrackets($_POST['cconvars']).'</code>"';

  fwrite($rolefile, $f_convars.PHP_EOL);

@ -70,23 +77,23 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
  #

  #The Steam URL to your addon
-  $f_steam = $_POST['steam'];
-  fwrite($rolefile, '$steam = '.$f_steam.PHP_EOL);
+  $f_steam = removeBrackets($_POST['steam']);
+  fwrite($rolefile, '$steam = "'.$f_steam.'"'.PHP_EOL);
  #The Source URL to your addon
-  $f_source = $_POST['source'];
-  fwrite($rolefile, '$source = '.$f_source.PHP_EOL);
+  $f_source = removeBrackets($_POST['source']);
+  fwrite($rolefile, '$source = "'.$f_source.'"'.PHP_EOL);

  #Creator of the Addon
-  $f_author = $_POST['creator'];
-  fwrite($rolefile, '$author = '.$f_author.PHP_EOL);
+  $f_author = removeBrackets($_POST['creator']);
+  fwrite($rolefile, '$author = "'.$f_author.'"'.PHP_EOL);
  #Creatorlink
-  $f_authorurl = $_POST['creatorurl'];
-  fwrite($rolefile, '$authorurl = '.$f_authorurl.PHP_EOL);
+  $f_authorurl = removeBrackets($_POST['creatorurl']);
+  fwrite($rolefile, '$authorurl = "'.$f_authorurl.'"'.PHP_EOL);
  # Credittext (can use the above variables)
-  $f_ctext = $_POST['credits'];
-  fwrite($rolefile, '$ctext = '.$f_ctext);
+  $f_ctext = removeBrackets($_POST['credits']);
+  fwrite($rolefile, '$ctext = "'.$f_ctext.'"'.PHP_EOL);

-fwrite($rolefile, PHP_EOL.'?>');
+fwrite($rolefile, '?>');
 fclose($rolefile);
 } else {
    echo 'INVALID ROLENAME';