Fixed potential security hole

code/nel/src/gui/group_html.cpp

@@ -6378,15 +6378,15 @@ namespace NLGUI
 		}
 		else if (_ObjectType=="application/ryzom-tutorial")
 		{
-			strFindReplace(_ObjectScript, "[", "〈");
+			while(strFindReplace(_ObjectScript, "[", "〈"));
-			strFindReplace(_ObjectScript, "]", "〉");
+			while(strFindReplace(_ObjectScript, "]", "〉"));
 			CLuaManager::getInstance().executeLuaScript("\ngame:executeTutorial([["+_ObjectScript+"]])\n", true);
 			_ObjectScript.clear();
 		}
 		else if (_ObjectType=="application/ryzom-script")
 		{
-			strFindReplace(_ObjectScript, "[", "〈");
+			while(strFindReplace(_ObjectScript, "[", "〈"));
-			strFindReplace(_ObjectScript, "]", "〉");
+			while(strFindReplace(_ObjectScript, "]", "〉"));
 			CLuaManager::getInstance().executeLuaScript("\ngame:executeRyzomScript([["+_ObjectScript+"]])\n", true);
 			_ObjectScript.clear();
 		}

code/ryzom/client/src/interface_v3/lua_ihm_ryzom.cpp

@@ -191,8 +191,8 @@ public:
 	void execute(CCtrlBase *pCaller,    const std::string &sParams)
 	{
 		string script = sParams;
-		strFindReplace(script, "[", "〈");
+		while(strFindReplace(script, "[", "〈"));
-		strFindReplace(script, "]", "〉");
+		while(strFindReplace(script, "]", "〉"));
 		strFindReplace(script, "|", "\n");
 		CLuaManager::getInstance().executeLuaScript("\ngame:executeRyzomScript([["+script+"]])\n",   true);
 	}