xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-30 09:34:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b4e54c6ac3db569fc98181b07039d7e55d2ed37e
TravianZ/GameEngine
T
History
novgorodschi catalin b4e54c6ac3 Fix #291 
// Bug fix: RemoveXSS() calls htmlspecialchars() (&,<,>,",' -> entities).
        // Every display site for these values ALREADY escapes correctly on output
        // (links.tpl's safeHTML(), and preference.tpl's edit-row value=""), so
        // encoding here too meant a saved "&" was stored as literal "&amp;" text
        // in the DB, then got escaped AGAIN on redisplay — surviving one level of
        // browser entity-decoding as visible "&amp;". Worse, it silently broke
        // any saved link with a real query parameter after the first one (e.g.
        // build.php?gid=16&t=99): the stored value no longer had a real "&"
        // separator there, so "t" was never received as its own GET param.
        // strip_tags() (for name) + mysqli_real_escape_string() (below, for SQL)
        // are sufficient at save time; HTML-escaping belongs only at display time.
2026-06-29 07:49:49 +03:00
..
Admin
fix(profile): store profile descriptions raw to stop double-escaping (#273)
2026-06-24 06:51:24 +03:00
Data
Fix Some PHP 8+ view error in Build & Credits
2026-06-25 10:54:58 +03:00
Game
Update Readme
2026-05-15 08:17:14 +03:00
Lang
Some fix
2026-06-22 10:41:25 +03:00
Notes
Incremental Refactor Templates 2
2026-05-07 08:24:40 +03:00
Prevention
Incremental Refactor Templates 2
2026-05-07 08:24:40 +03:00
Account.php
security: harden signup username validation + fix reflected XSS (#184) (#187)
2026-06-09 14:57:56 +03:00
Alliance.php
fix(session): refresh the 30s user-cache after a player's own changes (#239)
2026-06-18 14:59:44 +03:00
Artifacts.php
Fix + Redesign
2026-05-28 12:25:28 +03:00
Automation.php
Refactor(Automation): TO-DO list items 7-9 [#266] (#278)
2026-06-24 18:21:30 +03:00
Battle.php
Fix Admin Panel view & some PHP 8.1+
2026-06-22 09:20:16 +03:00
BBCode.php
Incremental Refactor Form/BBCode/Mailer/Village
2026-05-13 15:09:05 +03:00
Building.php
fix(session): refresh the 30s user-cache after a player's own changes (#239)
2026-06-18 14:59:44 +03:00
Chat.php
fix(chat): stop echoing the raw INSERT query in add_data() [#139] (#243)
2026-06-19 13:31:21 +03:00
Database.php
Compact checkvacation function
2026-06-25 14:35:04 +03:00
favicon.ico
GameEngine and install folders have 777 already set by default
2016-07-02 21:39:28 +02:00
Form.php
Update Readme
2026-05-15 08:17:14 +03:00
functions.php
Incremental Refactor Form/BBCode/Mailer/Village
2026-05-13 15:09:05 +03:00
Generator.php
feat(preferences): apply time preference (timezone + date format) [#198]
2026-06-12 16:46:33 +03:00
index.php
Update Readme
2026-05-15 08:17:14 +03:00
Logging.php
feat: IP ban support (#185) (#188)
2026-06-09 15:15:27 +03:00
Mailer.php
Update Readme
2026-05-15 08:17:14 +03:00
Market.php
fix(market): harden NPC resource distribution against NaN [#211]
2026-06-13 21:38:46 +02:00
Message.php
feat: reports for settling - new village founded & valley occupied (#178) (#190)
2026-06-09 16:47:29 +03:00
Multisort.php
Incremental refactor Generator/Logging/Multisort
2026-05-12 13:22:51 +03:00
Profile.php
Fix #291
2026-06-29 07:49:49 +03:00
Protection.php
Update Readme
2026-05-15 08:17:14 +03:00
Ranking.php
Incremental Refactor Market/Message/Profile
2026-05-13 12:20:10 +03:00
Session.php
feat(admin): add transparent debug error-log mode
2026-06-12 17:18:39 +03:00
Technology.php
Refactor(Technology): de-duplicate unit-summing and tidy getUpkeep() [#219] (#289)
2026-06-26 06:30:38 +03:00
Units.php
Refactor(Units): extract resolveCatapultTargets() from sendTroops() [#219] (#284)
2026-06-25 13:44:42 +03:00
Village.php
Remove some unused code and some fix
2026-05-21 13:12:21 +03:00