From 8ceb2c7f4189191ef5152ca3c3d34e6a738f17b1 Mon Sep 17 00:00:00 2001
From: Shadowss <cata7007@gmail.com>
Date: Sat, 5 Oct 2013 12:26:35 +0300
Subject: [PATCH] fix another vulberability <script>alert('test')</script> now
 not working anymore

---
 GameEngine/Message.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/GameEngine/Message.php b/GameEngine/Message.php
index 503c00c5..fc6bcf1a 100644
--- a/GameEngine/Message.php
+++ b/GameEngine/Message.php
@@ -396,7 +396,7 @@ class Message {
 		if($permission[opt7]==1){
 		if ($userally != 0) {
 		while ($allmembers = mysql_fetch_array($allmembersQ)) {
-		$database->sendMessage($allmembers[id],$session->uid,addslashes($topic),addslashes($text),0,$alliance,$player,$coor,$report);
+		$database->sendMessage($allmembers[id],$session->uid,htmlspecialchars(addslashes($topic)),htmlspecialchars(addslashes($text)),0,$alliance,$player,$coor,$report);
 		}
 			}
 			}
@@ -479,7 +479,7 @@ class Message {
 		}
 		}
 		}
-		$database->sendMessage($user, $session->uid, addslashes($topic), addslashes($text), 0, $alliance, $player, $coor, $report);
+		$database->sendMessage($user, $session->uid, htmlspecialchars(addslashes($topic)), htmlspecialchars(addslashes($text)), 0, $alliance, $player, $coor, $report);
 		}
 	}