
Merge pull request #561 from own3mall/master

Security Hardening
OwN-3m-All 4 лет назад
Родитель
Сommit
73a4f845c8

+ 1 - 1
includes/api_functions.php

@@ -144,7 +144,7 @@ function get_start_cmd($user_info,$remote,$server_xml,$home_info,$mod_id,$ip,$po
 		$cli_param_data['QUERY_PORT'] = $port + 24;
 	}
 	
-	$cli_param_data['MAP'] = ($last_param === NULL or !isset($last_param['map'])) ?  "" : $last_param['map'];
+	$cli_param_data['MAP'] = clean_server_param_value(($last_param === NULL or !isset($last_param['map'])) ?  "" : $last_param['map'], $server_xml->cli_allow_chars);
 	$cli_param_data['PLAYERS'] = ($last_param === NULL or !isset($last_param['players'])) ? 
 								 isset($home_info['mods'][$mod_id]['max_players']) ? 
 								 $home_info['mods'][$mod_id]['max_players'] : "1" : $last_param['players'];
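Review bot: `$cli_param_data['PLAYERS']`, assigned directly below the changed line, still takes `$last_param['players']` unfiltered, so only one of the two stored values placed into `$cli_param_data` here is restricted to `$server_xml->cli_allow_chars`. If the player count is consumed the same way as MAP, wrap that ternary in `clean_server_param_value(..., $server_xml->cli_allow_chars)` as well, or, since it is numeric, accept it only when `ctype_digit((string)$last_param['players'])` holds and fall back to `"1"` otherwise. The same pattern is left as-is in the modules/gamemanager/home_handling_functions.php hunk and for `$server_home["max_players"]` in modules/gamemanager/cfg_text_replace.php. Whether the value is validated when it is stored is not visible here, and get_start_cmd continues outside the hunk.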

+ 1 - 1
modules/gamemanager/cfg_text_replace.php

@@ -34,7 +34,7 @@ $last_param = json_decode($db->getLastParam($server_home["home_id"]), True);
 $server_home["max_players"] = isset($cli_param_data['PLAYERS']) ? $cli_param_data['PLAYERS'] : $last_param['players'];
 $server_home["webhost_ip"] = $_SERVER['SERVER_ADDR'];
 $server_home["incremental"] = $db->incrementalNumByHomeId( $server_home["home_id"], $server_home["mod_cfg_id"], $server_home["remote_server_id"] );
-$server_home["map"] = isset($cli_param_data['MAP']) ? $cli_param_data['MAP'] : $last_param['map'];
+$server_home["map"] = clean_server_param_value(isset($cli_param_data['MAP']) ? $cli_param_data['MAP'] : $last_param['map'], $server_xml->cli_allow_chars);
 
 $isWin = preg_match('/CYGWIN/', $remote->what_os());
 
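Review bot: The fallback `$last_param['map']` on the changed line is read without an `isset` check, although `$last_param` comes from the `json_decode(...)` call shown in the hunk header and can be `null`; the two get_start_cmd hunks guard this with `$last_param === NULL or !isset($last_param['map'])`. Passing `isset($last_param['map']) ? $last_param['map'] : ""` as the fallback would make sure the helper always receives a string. It is also worth confirming that `$server_xml` is defined in this script's scope before the line runs, because neither that assignment nor the helper's handling of a missing allow-list is visible in this hunk.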

+ 1 - 1
modules/gamemanager/home_handling_functions.php

@@ -104,7 +104,7 @@ function get_start_cmd($remote,$server_xml,$home_info,$mod_id,$ip,$port,$db)
 		$cli_param_data['QUERY_PORT'] = "10011";
 	}
 	
-	$cli_param_data['MAP'] = ($last_param === NULL or !isset($last_param['map'])) ?  "" : $last_param['map'];
+	$cli_param_data['MAP'] = clean_server_param_value(($last_param === NULL or !isset($last_param['map'])) ?  "" : $last_param['map'], $server_xml->cli_allow_chars);
 	$cli_param_data['PLAYERS'] = ($last_param === NULL or !isset($last_param['players'])) ? 
 								 isset($home_info['mods'][$mod_id]['max_players']) ? 
 								 $home_info['mods'][$mod_id]['max_players'] : "1" : $last_param['players'];

+ 2 - 0
modules/gamemanager/mini_start.php

@@ -293,6 +293,8 @@ elseif($server_home['home_id'] == $_POST['home_id'])
 	    $cli_param_data['MAP'] = $_POST['map']; 
  	else 
  	    $cli_param_data['MAP'] = ""; 
+ 	    
+ 	$cli_param_data['MAP'] = clean_server_param_value($cli_param_data['MAP'], $server_xml->cli_allow_chars);
 
 	$ip_port = $_POST['ip_port'];
 	list($ip, $port) = explode(":", $ip_port);
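Review bot: `$_POST['ip_port']` is split with `explode(":", $ip_port)` right after the new sanitising call without any format check, so the request field next to the one this commit hardens is still used as submitted, and a value without a colon leaves `$port` undefined. Validate both parts before use, for example `filter_var($ip, FILTER_VALIDATE_IP) !== false && ctype_digit((string)$port)`, or match the pair against the addresses assigned to this home. How `$ip` and `$port` are used afterwards is outside the hunk, so a later check may already exist. Separately, the added line is indented like the brace-less `else` above it but runs unconditionally; braces on that `if`/`else` would make the intent clear.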