From ad60861a3f2640c0ad86ddf50afeafa790bf3d32 Mon Sep 17 00:00:00 2001 From: duckietm Date: Fri, 22 May 2026 11:03:17 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=86=99=20Catalog=20Editor,=20now=20you=20?= =?UTF-8?q?can=20also=20edit=20the=20text1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../CatalogAdminSavePageEvent.java | 40 ++++++++++++++++--- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/catalog/catalogadmin/CatalogAdminSavePageEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/catalog/catalogadmin/CatalogAdminSavePageEvent.java index be5e0ec1..9fc808b1 100644 --- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/catalog/catalogadmin/CatalogAdminSavePageEvent.java +++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/catalog/catalogadmin/CatalogAdminSavePageEvent.java @@ -7,6 +7,8 @@ import com.eu.habbo.habbohotel.catalog.CatalogPageType; import com.eu.habbo.habbohotel.permissions.Permission; import com.eu.habbo.messages.incoming.MessageHandler; import com.eu.habbo.messages.outgoing.catalog.catalogadmin.CatalogAdminResultComposer; +import org.jsoup.Jsoup; +import org.jsoup.safety.Safelist; import java.sql.Connection; import java.sql.PreparedStatement; @@ -21,6 +23,14 @@ public class CatalogAdminSavePageEvent extends MessageHandler { private static final int MAX_PARENT_WALK = 64; private static final int ROOT_PARENT_ID = -1; + private static final Safelist PAGE_HTML_SAFELIST = new Safelist() + .addTags("b", "i", "u", "br", "span", "div", "p", "a", "strong", "em", "img") + .addAttributes("a", "href", "target", "class", "style") + .addAttributes("img", "src", "alt", "class", "style") + .addAttributes(":all", "class", "style") + .addProtocols("a", "href", "http", "https", "mailto", "#") + .addProtocols("img", "src", "http", "https", "data"); + @Override public void handle() throws Exception { if (!this.client.getHabbo().hasPermission(Permission.ACC_CATALOGFURNI)) { @@ -43,6 +53,7 @@ public class CatalogAdminSavePageEvent extends MessageHandler { String textDetails = this.packet.readString(); CatalogPageType pageType = CatalogPageType.fromString(this.packet.readString()); CatalogPageType catalogMode = CatalogPageType.fromString(this.packet.readString()); + String text1 = this.packet.bytesAvailable() > 0 ? this.packet.readString() : ""; CatalogPage page = Emulator.getGameEnvironment().getCatalogManager().getCatalogPage(pageId, pageType); if (page == null) { @@ -78,16 +89,27 @@ public class CatalogAdminSavePageEvent extends MessageHandler { if (iconType < 0) iconType = 0; if (minRank < 1) minRank = 1; if (orderNum < 0) orderNum = 0; + + headline = this.sanitizeHtml(headline); + teaser = this.sanitizeHtml(teaser); + textDetails = this.sanitizeHtml(textDetails); + text1 = this.sanitizeHtml(text1); caption = this.clampLength(caption, MAX_CAPTION_LENGTH); caption2 = this.clampLength(caption2, MAX_CAPTION_SAVE_LENGTH); headline = this.clampLength(headline, MAX_HEADLINE_LENGTH); teaser = this.clampLength(teaser, MAX_TEASER_LENGTH); textDetails = this.clampLength(textDetails, MAX_TEXT_LENGTH); + text1 = this.clampLength(text1, MAX_TEXT_LENGTH); + + if (headline.isEmpty() && page.getHeaderImage() != null) headline = page.getHeaderImage(); + if (teaser.isEmpty() && page.getTeaserImage() != null) teaser = page.getTeaserImage(); + if (textDetails.isEmpty() && page.getTextDetails() != null) textDetails = page.getTextDetails(); + if (text1.isEmpty() && page.getTextOne() != null) text1 = page.getTextOne(); String query = (pageType == CatalogPageType.BUILDER) - ? "UPDATE catalog_pages_bc SET caption = ?, page_layout = ?, icon_image = ?, visible = ?, enabled = ?, order_num = ?, parent_id = ?, page_headline = ?, page_teaser = ?, page_text_details = ? WHERE id = ?" - : "UPDATE catalog_pages SET caption = ?, caption_save = ?, page_layout = ?, icon_image = ?, min_rank = ?, visible = ?, enabled = ?, order_num = ?, parent_id = ?, page_headline = ?, page_teaser = ?, page_text_details = ?, catalog_mode = ? WHERE id = ?"; + ? "UPDATE catalog_pages_bc SET caption = ?, page_layout = ?, icon_image = ?, visible = ?, enabled = ?, order_num = ?, parent_id = ?, page_headline = ?, page_teaser = ?, page_text_details = ?, page_text1 = ? WHERE id = ?" + : "UPDATE catalog_pages SET caption = ?, caption_save = ?, page_layout = ?, icon_image = ?, min_rank = ?, visible = ?, enabled = ?, order_num = ?, parent_id = ?, page_headline = ?, page_teaser = ?, page_text_details = ?, page_text1 = ?, catalog_mode = ? WHERE id = ?"; try (Connection connection = Emulator.getDatabase().getDataSource().getConnection(); PreparedStatement statement = connection.prepareStatement(query)) { @@ -103,7 +125,8 @@ public class CatalogAdminSavePageEvent extends MessageHandler { statement.setString(8, headline); statement.setString(9, teaser); statement.setString(10, textDetails); - statement.setInt(11, pageId); + statement.setString(11, text1); + statement.setInt(12, pageId); } else { statement.setString(2, caption2); statement.setString(3, layout); @@ -116,8 +139,9 @@ public class CatalogAdminSavePageEvent extends MessageHandler { statement.setString(10, headline); statement.setString(11, teaser); statement.setString(12, textDetails); - statement.setString(13, catalogMode.name()); - statement.setInt(14, pageId); + statement.setString(13, text1); + statement.setString(14, catalogMode.name()); + statement.setInt(15, pageId); } statement.execute(); @@ -143,4 +167,10 @@ public class CatalogAdminSavePageEvent extends MessageHandler { if (value.length() <= max) return value; return value.substring(0, max); } + + + private String sanitizeHtml(String value) { + if (value == null || value.isEmpty()) return ""; + return Jsoup.clean(value, PAGE_HTML_SAFELIST); + } }