1
0
mirror of https://github.com/wbbaddons/Tims-Chat.git synced 2024-10-31 14:10:08 +00:00

Properly encode usernames and room titles

This commit is contained in:
Maximilian Mader 2013-10-16 21:26:07 +02:00
parent 92ee11daba
commit 0622d64e28
2 changed files with 2 additions and 3 deletions

View File

@ -644,7 +644,7 @@ Fetch the roomlist from the server and update it in the GUI.
for room in data.returnValues
li = $ '<li></li>'
li.addClass 'active' if room.active
$("""<a href="#{room.link}">#{room.title} <span class="badge">#{WCF.String.formatNumeric room.userCount}</span></a>""").addClass('timsChatRoom').data('roomID', room.roomID).appendTo li
$("""<a href="#{room.link}">#{WCF.String.escapeHTML(room.title)} <span class="badge">#{WCF.String.formatNumeric room.userCount}</span></a>""").addClass('timsChatRoom').data('roomID', room.roomID).appendTo li
$('#timsChatRoomList ul').append li
if window.history?.replaceState?
@ -742,7 +742,7 @@ Open private channel
if userID isnt 0
$('#timsChatTopic').removeClass 'hidden empty'
$('#timsChatTopic > .topic').text WCF.Language.get 'chat.general.privateChannelTopic', {username: userList.allTime[userID].username}
$('#timsChatTopic > .topic').html WCF.Language.get 'chat.general.privateChannelTopic', {username: userList.allTime[userID].username}
$('#timsChatTopic > .jsTopicCloser').attr 'title', WCF.Language.get 'chat.general.closePrivateChannel'
unless $.wcfIsset "privateChannel#{userID}"

View File

@ -15,7 +15,6 @@
* @subpackage system.chat.command.commands
*/
class InfoCommand extends \chat\system\command\AbstractCommand {
public $enableHTML = self::SETTING_ON;
public $lines = array();
public $user = null;