From b0d00d2b38740eadc4bb45678f01f7636b939709 Mon Sep 17 00:00:00 2001
From: James <jesse.isler@gmail.com>
Date: Tue, 5 Apr 2022 10:19:17 +0200
Subject: [PATCH] Update confirm.php

---
 confirm.php | 51 +++++++++++++++++++++++++++++----------------------
 1 file changed, 29 insertions(+), 22 deletions(-)

diff --git a/confirm.php b/confirm.php
index c4115b5..71eb2f1 100644
--- a/confirm.php
+++ b/confirm.php
@@ -1,6 +1,13 @@
 <body>
 <html>
 <?php
+
+public function removeBrackets($input)
+{
+  $output = str_replace('"', "'", $input)
+  return $output
+}
+
 if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
   echo 'VALID FILENAME';
 
@@ -15,11 +22,11 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
   #
 
   # This is the color defined by https://materializecss.com/color.html
-  $f_color = $_POST['rolecolor']." ".$_POST['rolestrength']."-".$_POST['rolemod'];
+  $f_color = removeBrackets($_POST['rolecolor']." ".$_POST['rolestrength']."-".$_POST['rolemod']);
   fwrite($rolefile, '$color = "'.$f_color.'"'.PHP_EOL);
 
   # Text Color
-  $f_tcolor = $_POST['tcolor'];
+  $f_tcolor = removeBrackets($_POST['tcolor']);
   fwrite($rolefile, '$tcolor = '.$f_tcolor.PHP_EOL);
 
 
@@ -28,12 +35,12 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
   #
 
   #The Name of the Role
-  $f_name = $_POST['rolename'];
-  fwrite($rolefile, '$name = '.$f_name.PHP_EOL);
+  $f_name = removeBrackets($_POST['rolename']);
+  fwrite($rolefile, '$name = "'.$f_name.PHP_EOL);
 
   #The Description of the Role, HTML conform :)
-  $f_description = $_POST['roledesc'];
-  fwrite($rolefile,'$description = '. $f_description.PHP_EOL);
+  $f_description = removeBrackets($_POST['roledesc']);
+  fwrite($rolefile,'$description = "'. $f_description.PHP_EOL);
 
 
 
@@ -43,13 +50,13 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
   #
 
   #How To play
-  $f_howtoplay = $_POST['howtoplay'];
-  fwrite($rolefile, '$howtoplay = '.$f_howtoplay.PHP_EOL);
+  $f_howtoplay = removeBrackets($_POST['howtoplay']);
+  fwrite($rolefile, '$howtoplay = "'.$f_howtoplay.PHP_EOL);
 
   #With what roles does this role play best?
   fwrite($rolefile, '$playsbestwith = "<ul>'.PHP_EOL);
 
-    foreach($_POST['goodRoles'] as $selectedOption) {
+    foreach($_POST['goodRoles'] as removeBrackets($selectedOption)) {
     fwrite($rolefile, '<li>'.$selectedOption.'</li>'.PHP_EOL);
   };
   fwrite($rolefile, '</ul>;"'.PHP_EOL);
@@ -57,10 +64,10 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
 
   #Convars
   $f_convars = '$convars = "Normal Role Convars (also found in ULX):
-  <code>'.$_POST['gconvars'].'</code>
+  <code>'.removeBrackets($_POST['gconvars'].'</code>
 
   Rolespecific Convars:
-  <code>'.$_POST['cconvars'].'</code>"';
+  <code>'.removeBrackets($_POST['cconvars']).'</code>"';
 
   fwrite($rolefile, $f_convars.PHP_EOL);
 
@@ -70,23 +77,23 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
   #
 
   #The Steam URL to your addon
-  $f_steam = $_POST['steam'];
-  fwrite($rolefile, '$steam = '.$f_steam.PHP_EOL);
+  $f_steam = removeBrackets($_POST['steam']);
+  fwrite($rolefile, '$steam = "'.$f_steam.'"'.PHP_EOL);
   #The Source URL to your addon
-  $f_source = $_POST['source'];
-  fwrite($rolefile, '$source = '.$f_source.PHP_EOL);
+  $f_source = removeBrackets($_POST['source']);
+  fwrite($rolefile, '$source = "'.$f_source.'"'.PHP_EOL);
 
   #Creator of the Addon
-  $f_author = $_POST['creator'];
-  fwrite($rolefile, '$author = '.$f_author.PHP_EOL);
+  $f_author = removeBrackets($_POST['creator']);
+  fwrite($rolefile, '$author = "'.$f_author.'"'.PHP_EOL);
   #Creatorlink
-  $f_authorurl = $_POST['creatorurl'];
-  fwrite($rolefile, '$authorurl = '.$f_authorurl.PHP_EOL);
+  $f_authorurl = removeBrackets($_POST['creatorurl']);
+  fwrite($rolefile, '$authorurl = "'.$f_authorurl.'"'.PHP_EOL);
   # Credittext (can use the above variables)
-  $f_ctext = $_POST['credits'];
-  fwrite($rolefile, '$ctext = '.$f_ctext);
+  $f_ctext = removeBrackets($_POST['credits']);
+  fwrite($rolefile, '$ctext = "'.$f_ctext.'"'.PHP_EOL);
 
-fwrite($rolefile, PHP_EOL.'?>');
+fwrite($rolefile, '?>');
 fclose($rolefile);
 } else {
     echo 'INVALID ROLENAME';