🆙 Catalog Editor, now you can also edit the text1

Emulator/src/main/java/com/eu/habbo/messages/incoming/catalog/catalogadmin/CatalogAdminSavePageEvent.java

@@ -7,6 +7,8 @@ import com.eu.habbo.habbohotel.catalog.CatalogPageType;
 import com.eu.habbo.habbohotel.permissions.Permission;
 import com.eu.habbo.messages.incoming.MessageHandler;
 import com.eu.habbo.messages.outgoing.catalog.catalogadmin.CatalogAdminResultComposer;
+import org.jsoup.Jsoup;
+import org.jsoup.safety.Safelist;
 
 import java.sql.Connection;
 import java.sql.PreparedStatement;
@@ -21,6 +23,14 @@ public class CatalogAdminSavePageEvent extends MessageHandler {
     private static final int MAX_PARENT_WALK = 64;
     private static final int ROOT_PARENT_ID = -1;
 
+    private static final Safelist PAGE_HTML_SAFELIST = new Safelist()
+            .addTags("b", "i", "u", "br", "span", "div", "p", "a", "strong", "em", "img")
+            .addAttributes("a", "href", "target", "class", "style")
+            .addAttributes("img", "src", "alt", "class", "style")
+            .addAttributes(":all", "class", "style")
+            .addProtocols("a", "href", "http", "https", "mailto", "#")
+            .addProtocols("img", "src", "http", "https", "data");
+
     @Override
     public void handle() throws Exception {
         if (!this.client.getHabbo().hasPermission(Permission.ACC_CATALOGFURNI)) {
@@ -43,6 +53,7 @@ public class CatalogAdminSavePageEvent extends MessageHandler {
         String textDetails = this.packet.readString();
         CatalogPageType pageType = CatalogPageType.fromString(this.packet.readString());
         CatalogPageType catalogMode = CatalogPageType.fromString(this.packet.readString());
+        String text1 = this.packet.bytesAvailable() > 0 ? this.packet.readString() : "";
         CatalogPage page = Emulator.getGameEnvironment().getCatalogManager().getCatalogPage(pageId, pageType);
 
         if (page == null) {
@@ -78,16 +89,27 @@ public class CatalogAdminSavePageEvent extends MessageHandler {
         if (iconType < 0) iconType = 0;
         if (minRank < 1) minRank = 1;
         if (orderNum < 0) orderNum = 0;
+		
+        headline = this.sanitizeHtml(headline);
+        teaser = this.sanitizeHtml(teaser);
+        textDetails = this.sanitizeHtml(textDetails);
+        text1 = this.sanitizeHtml(text1);
 
         caption = this.clampLength(caption, MAX_CAPTION_LENGTH);
         caption2 = this.clampLength(caption2, MAX_CAPTION_SAVE_LENGTH);
         headline = this.clampLength(headline, MAX_HEADLINE_LENGTH);
         teaser = this.clampLength(teaser, MAX_TEASER_LENGTH);
         textDetails = this.clampLength(textDetails, MAX_TEXT_LENGTH);
+        text1 = this.clampLength(text1, MAX_TEXT_LENGTH);
+
+        if (headline.isEmpty() && page.getHeaderImage() != null) headline = page.getHeaderImage();
+        if (teaser.isEmpty() && page.getTeaserImage() != null) teaser = page.getTeaserImage();
+        if (textDetails.isEmpty() && page.getTextDetails() != null) textDetails = page.getTextDetails();
+        if (text1.isEmpty() && page.getTextOne() != null) text1 = page.getTextOne();
 
         String query = (pageType == CatalogPageType.BUILDER)
-                ? "UPDATE catalog_pages_bc SET caption = ?, page_layout = ?, icon_image = ?, visible = ?, enabled = ?, order_num = ?, parent_id = ?, page_headline = ?, page_teaser = ?, page_text_details = ? WHERE id = ?"
+                ? "UPDATE catalog_pages_bc SET caption = ?, page_layout = ?, icon_image = ?, visible = ?, enabled = ?, order_num = ?, parent_id = ?, page_headline = ?, page_teaser = ?, page_text_details = ?, page_text1 = ? WHERE id = ?"
-                : "UPDATE catalog_pages SET caption = ?, caption_save = ?, page_layout = ?, icon_image = ?, min_rank = ?, visible = ?, enabled = ?, order_num = ?, parent_id = ?, page_headline = ?, page_teaser = ?, page_text_details = ?, catalog_mode = ? WHERE id = ?";
+                : "UPDATE catalog_pages SET caption = ?, caption_save = ?, page_layout = ?, icon_image = ?, min_rank = ?, visible = ?, enabled = ?, order_num = ?, parent_id = ?, page_headline = ?, page_teaser = ?, page_text_details = ?, page_text1 = ?, catalog_mode = ? WHERE id = ?";
 
         try (Connection connection = Emulator.getDatabase().getDataSource().getConnection();
              PreparedStatement statement = connection.prepareStatement(query)) {
@@ -103,7 +125,8 @@ public class CatalogAdminSavePageEvent extends MessageHandler {
                 statement.setString(8, headline);
                 statement.setString(9, teaser);
                 statement.setString(10, textDetails);
-                statement.setInt(11, pageId);
+                statement.setString(11, text1);
+                statement.setInt(12, pageId);
             } else {
                 statement.setString(2, caption2);
                 statement.setString(3, layout);
@@ -116,8 +139,9 @@ public class CatalogAdminSavePageEvent extends MessageHandler {
                 statement.setString(10, headline);
                 statement.setString(11, teaser);
                 statement.setString(12, textDetails);
-                statement.setString(13, catalogMode.name());
+                statement.setString(13, text1);
-                statement.setInt(14, pageId);
+                statement.setString(14, catalogMode.name());
+                statement.setInt(15, pageId);
             }
 
             statement.execute();
@@ -143,4 +167,10 @@ public class CatalogAdminSavePageEvent extends MessageHandler {
         if (value.length() <= max) return value;
         return value.substring(0, max);
     }
+
+
+    private String sanitizeHtml(String value) {
+        if (value == null || value.isEmpty()) return "";
+        return Jsoup.clean(value, PAGE_HTML_SAFELIST);
+    }
 }