diff --git a/backend/hint.go b/backend/hint.go
index 7fb5a729..acf0fa30 100644
--- a/backend/hint.go
+++ b/backend/hint.go
@@ -5,6 +5,7 @@ import (
"encoding/binary"
"encoding/json"
"fmt"
+ "html"
"io/ioutil"
"log"
"math/rand"
@@ -49,7 +50,7 @@ func treatOpeningHint(pathname string, team fic.Team) {
log.Printf("%s [WRN] %s\n", id, err)
} else if theme, err := fic.GetTheme(exercice.IdTheme); err != nil {
log.Printf("%s [WRN] %s\n", id, err)
- } else if _, err = fic.NewEvent(fmt.Sprintf("L'équipe %s a dévoilé un indice pour le %de défi %s !", team.Name, lvl, theme.Name), "info"); err != nil {
+ } else if _, err = fic.NewEvent(fmt.Sprintf("L'équipe %s a dévoilé un indice pour le %de défi %s !", html.EscapeString(team.Name), lvl, theme.Name), "info"); err != nil {
log.Printf("%s [WRN] Unable to create event: %s\n", id, err)
}
diff --git a/backend/registration.go b/backend/registration.go
index 6975414b..df3754a4 100644
--- a/backend/registration.go
+++ b/backend/registration.go
@@ -5,6 +5,7 @@ import (
"encoding/binary"
"encoding/json"
"fmt"
+ "html"
"io/ioutil"
"log"
"math/rand"
@@ -86,7 +87,7 @@ func treatRegistration(pathname string, team_id string) {
if err := os.Remove(pathname); err != nil {
log.Printf("%s [WRN] %s\n", id, err)
}
- if _, err := fic.NewEvent(fmt.Sprintf("Souhaitons bonne chance à l'équipe %s qui vient de nous rejoindre !", team.Name), "info"); err != nil {
+ if _, err := fic.NewEvent(fmt.Sprintf("Souhaitons bonne chance à l'équipe %s qui vient de nous rejoindre !", html.EscapeString(team.Name)), "info"); err != nil {
log.Printf("%s [WRN] Unable to create event: %s\n", id, err)
}
diff --git a/backend/rename.go b/backend/rename.go
index a5f93ccc..348d32c4 100644
--- a/backend/rename.go
+++ b/backend/rename.go
@@ -5,6 +5,7 @@ import (
"encoding/binary"
"encoding/json"
"fmt"
+ "html"
"io/ioutil"
"log"
"math/rand"
@@ -38,7 +39,7 @@ func treatRename(pathname string, team fic.Team) {
log.Printf("%s [WRN] Unable to change team name: %s\n", id, err)
}
genTeamQueue <- &team
- if _, err := fic.NewEvent(fmt.Sprintf("Souhaitons bonne chance à l'équipe %s qui vient de nous rejoindre !", team.Name), "info"); err != nil {
+ if _, err := fic.NewEvent(fmt.Sprintf("Souhaitons bonne chance à l'équipe %s qui vient de nous rejoindre !", html.EscapeString(team.Name)), "info"); err != nil {
log.Printf("%s [WRN] Unable to create event: %s\n", id, err)
}
appendGenQueue(genStruct{Type: GenEvents})
diff --git a/backend/submission.go b/backend/submission.go
index 4b317409..b3e24fcf 100644
--- a/backend/submission.go
+++ b/backend/submission.go
@@ -5,6 +5,7 @@ import (
"encoding/binary"
"encoding/json"
"fmt"
+ "html"
"io/ioutil"
"log"
"math/rand"
@@ -127,7 +128,7 @@ func treatSubmission(pathname string, team fic.Team, exercice_id string) {
// Write event
if lvl, err := exercice.GetLevel(); err != nil {
log.Println(id, "[ERR] Unable to get exercice level:", err)
- } else if _, err := fic.NewEvent(fmt.Sprintf("L'équipe %s a résolu le %de défi %s !", team.Name, lvl, theme.Name), "success"); err != nil {
+ } else if _, err := fic.NewEvent(fmt.Sprintf("L'équipe %s a résolu le %de défi %s !", html.EscapeString(team.Name), lvl, theme.Name), "success"); err != nil {
log.Println(id, "[WRN] Unable to create event:", err)
}
genTeamQueue <- &team
@@ -140,7 +141,7 @@ func treatSubmission(pathname string, team fic.Team, exercice_id string) {
if tm.Unix() == 0 {
if lvl, err := exercice.GetLevel(); err != nil {
log.Println(id, "[ERR] Unable to get exercice level:", err)
- } else if _, err := fic.NewEvent(fmt.Sprintf("L'équipe %s tente le %de défi %s !", team.Name, lvl, theme.Name), "warning"); err != nil {
+ } else if _, err := fic.NewEvent(fmt.Sprintf("L'équipe %s tente le %de défi %s !", html.EscapeString(team.Name), lvl, theme.Name), "warning"); err != nil {
log.Println(id, "[WRN] Unable to create event:", err)
}
}