From 43c61e8bd426552b7fff88aa2108f9faee1099ec Mon Sep 17 00:00:00 2001
From: Akkarinage <mike.langford@lustinteractive.co.uk>
Date: Mon, 16 Sep 2024 12:43:27 +0100
Subject: [PATCH] Merge commit from fork

* sanitize ->title and ->title

* Resolves unsanitised player input

---------

Co-authored-by: Singe-Horizontal <singe_horizontal@protonmail.com>
---
 themes/default/buyingstore/index.php    | 4 ++--
 themes/default/buyingstore/viewshop.php | 2 +-
 themes/default/vending/index.php        | 4 ++--
 themes/default/vending/viewshop.php     | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/themes/default/buyingstore/index.php b/themes/default/buyingstore/index.php
index e329464de..4fa503c79 100644
--- a/themes/default/buyingstore/index.php
+++ b/themes/default/buyingstore/index.php
@@ -36,9 +36,9 @@
 					<td>
 					  <img src="<?php echo $this->iconImage(671) ?>?nocache=<?php echo rand() ?>" />
 					 <?php if ($auth->actionAllowed('buyingstore', 'viewshop')): ?>
-							<a href="<?php echo $this->url('buyingstore', 'viewshop', array("id" => $store->id)); ?>"><?php echo $store->title; ?></a>
+							<a href="<?php echo $this->url('buyingstore', 'viewshop', array("id" => $store->id)); ?>"><?php echo htmlspecialchars($store->title); ?></a>
 						<?php else: ?>
-							<?php echo $store->title ?>
+							<?php echo htmlspecialchars($store->title) ?>
 						<?php endif ?>
 					</td>
 
diff --git a/themes/default/buyingstore/viewshop.php b/themes/default/buyingstore/viewshop.php
index 8cd61dfcf..f15d0ab87 100644
--- a/themes/default/buyingstore/viewshop.php
+++ b/themes/default/buyingstore/viewshop.php
@@ -1,7 +1,7 @@
 <?php if (!defined('FLUX_ROOT')) exit; ?>
 <h2><?php echo htmlspecialchars($title); ?></h2>
 <?php if ($store): ?>
-	<h3 style="text-align:right; margin:0; padding:0;font-style: italic"><img style="position:relative;top:7px;" src="<?php echo $this->iconImage(671) ?>?nocache=<?php echo rand() ?>" /> <?php echo $store->title ?> </h3>
+	<h3 style="text-align:right; margin:0; padding:0;font-style: italic"><img style="position:relative;top:7px;" src="<?php echo $this->iconImage(671) ?>?nocache=<?php echo rand() ?>" /> <?php echo htmlspecialchars($store->title) ?> </h3>
 	<h4 style="text-align:right; color:blue; margin:0; margin-bottom:15px; "> <?php echo $store->map; ?>, <?php echo $store->x; ?>, <?php echo $store->y; ?> </h4>
 
 	<?php if ($items): ?>
diff --git a/themes/default/vending/index.php b/themes/default/vending/index.php
index e09e94473..a76b1e534 100644
--- a/themes/default/vending/index.php
+++ b/themes/default/vending/index.php
@@ -30,9 +30,9 @@
                     <td>
                        <img src="<?php echo $this->iconImage(671) ?>?nocache=<?php echo rand() ?>" />
                       <?php if ($auth->actionAllowed('vending', 'viewshop')): ?>
-                            <a href="<?php echo $this->url('vending', 'viewshop', array("id" => $vending->id)); ?>"><?php echo $vending->title; ?></a>
+                            <a href="<?php echo $this->url('vending', 'viewshop', array("id" => $vending->id)); ?>"><?php echo htmlspecialchars($vending->title); ?></a>
                         <?php else: ?>
-                            <?php echo $vending->title ?>
+                            <?php echo htmlspecialchars($vending->title) ?>
                         <?php endif ?>
                     </td>
                       
diff --git a/themes/default/vending/viewshop.php b/themes/default/vending/viewshop.php
index 7c317c718..d68906a48 100644
--- a/themes/default/vending/viewshop.php
+++ b/themes/default/vending/viewshop.php
@@ -1,7 +1,7 @@
 <?php if (!defined('FLUX_ROOT')) exit; ?>
 <h2><?php echo htmlspecialchars($title); ?></h2>
 <?php if ($vending): ?>
-    <h3 style="text-align:right; margin:0; padding:0;font-style: italic"><img style="position:relative;top:7px;" src="<?php echo $this->iconImage(671) ?>?nocache=<?php echo rand() ?>" /> <?php echo $vending->title ?> </h3>
+    <h3 style="text-align:right; margin:0; padding:0;font-style: italic"><img style="position:relative;top:7px;" src="<?php echo $this->iconImage(671) ?>?nocache=<?php echo rand() ?>" /> <?php echo htmlspecialchars($vending->title) ?> </h3>
     <h4 style="text-align:right; color:blue; margin:0; margin-bottom:15px; "> <?php echo $vending->map; ?>, <?php echo $vending->x; ?>, <?php echo $vending->y; ?> </h4>
 
     <?php if ($vending_items): ?>