From df69a1706f1d41e8773547399c9fb84e28903e18 Mon Sep 17 00:00:00 2001
From: Nuno <ulukyn@gmail.com>
Date: Thu, 11 Feb 2021 14:33:25 +0100
Subject: [PATCH] Fixed potential security hole

---
 code/nel/src/gui/group_html.cpp                      | 12 ++++--------
 code/ryzom/client/src/interface_v3/lua_ihm_ryzom.cpp |  6 ++----
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/code/nel/src/gui/group_html.cpp b/code/nel/src/gui/group_html.cpp
index 9531ff216..efb6e9b65 100644
--- a/code/nel/src/gui/group_html.cpp
+++ b/code/nel/src/gui/group_html.cpp
@@ -6378,19 +6378,15 @@ namespace NLGUI
 		}
 		else if (_ObjectType=="application/ryzom-tutorial")
 		{
-			strFindReplace(_ObjectScript, "[[", "\\[\\[");
-			strFindReplace(_ObjectScript, "]]", "\\]\\]");
-			strFindReplace(_ObjectScript, "\\[\\[", "]]..'[['..[[");
-			strFindReplace(_ObjectScript, "\\]\\]", "]]..']]'..[[");
+			strFindReplace(_ObjectScript, "[", "〈");
+			strFindReplace(_ObjectScript, "]", "〉");
 			CLuaManager::getInstance().executeLuaScript("\ngame:executeTutorial([["+_ObjectScript+"]])\n", true);
 			_ObjectScript.clear();
 		}
 		else if (_ObjectType=="application/ryzom-script")
 		{
-			strFindReplace(_ObjectScript, "[[", "\\[\\[");
-			strFindReplace(_ObjectScript, "]]", "\\]\\]");
-			strFindReplace(_ObjectScript, "\\[\\[", "]]..'[['..[[");
-			strFindReplace(_ObjectScript, "\\]\\]", "]]..']]'..[[");
+			strFindReplace(_ObjectScript, "[", "〈");
+			strFindReplace(_ObjectScript, "]", "〉");
 			CLuaManager::getInstance().executeLuaScript("\ngame:executeRyzomScript([["+_ObjectScript+"]])\n", true);
 			_ObjectScript.clear();
 		}
diff --git a/code/ryzom/client/src/interface_v3/lua_ihm_ryzom.cpp b/code/ryzom/client/src/interface_v3/lua_ihm_ryzom.cpp
index 87d2a52b4..32b37eb61 100644
--- a/code/ryzom/client/src/interface_v3/lua_ihm_ryzom.cpp
+++ b/code/ryzom/client/src/interface_v3/lua_ihm_ryzom.cpp
@@ -191,10 +191,8 @@ public:
 	void execute(CCtrlBase *pCaller,    const std::string &sParams)
 	{
 		string script = sParams;
-		strFindReplace(script, "[[", "\\[\\[");
-		strFindReplace(script, "]]", "\\]\\]");
-		strFindReplace(script, "\\[\\[", "]]..'[['..[[");
-		strFindReplace(script, "\\]\\]", "]]..']]'..[[");
+		strFindReplace(script, "[", "〈");
+		strFindReplace(script, "]", "〉");
 		strFindReplace(script, "|", "\n");
 		CLuaManager::getInstance().executeLuaScript("\ngame:executeRyzomScript([["+script+"]])\n",   true);
 	}