Merge pull request tgstation#6976 from tkdrg/sheeit

Fixes XSS vuln in changeling mimic voice
BigSlice · Jan 11, 2015 · d1a15e9 · d1a15e9
2 parents 713da93 + 6f0fe53
commit d1a15e9
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/code/game/gamemodes/changeling/powers/mimic_voice.dm b/code/game/gamemodes/changeling/powers/mimic_voice.dm
@@ -16,7 +16,7 @@
 		user << "<span class='notice'>We return our vocal glands to their original position.</span>"
 		return
 
-	var/mimic_voice = input("Enter a name to mimic.", "Mimic Voice", null) as text
+	var/mimic_voice = stripped_input(user, "Enter a name to mimic.", "Mimic Voice", null, MAX_NAME_LEN)
 	if(!mimic_voice)
 		return
 
@@ -25,4 +25,4 @@
 	user << "<span class='notice'>We shape our glands to take the voice of <b>[mimic_voice]</b>, this will stop us from regenerating chemicals while active.</span>"
 	user << "<span class='notice'>Use this power again to return to our original voice and reproduce chemicals again.</span>"
 
-	feedback_add_details("changeling_powers","MV")
+	feedback_add_details("changeling_powers","MV")