fix: sanitizing user-controlled input in function (#648)

tobiasehlert · web-flow · commit 86f5ce3f03fa · 2026-05-05T22:36:20.000+02:00
diff --git a/src/TibiaDataUtils.go b/src/TibiaDataUtils.go
@@ -130,7 +130,8 @@ func TibiaDataStringToInteger(data string) int {
 	returnData, err := strconv.Atoi(str)
 	if err != nil {
 		if TibiaDataDebug {
-			log.Printf("[warning] TibiaDataStringToInteger: failed to parse '%s' as integer - returning 0", data)
+			sanitized := strings.ReplaceAll(strings.ReplaceAll(data, "\n", "_"), "\r", "_")
+			log.Printf("[warning] TibiaDataStringToInteger: failed to parse '%s' as integer - returning 0", sanitized)
 		}
 		return 0
 	}

Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,8 @@ func TibiaDataStringToInteger(data string) int {`
`130`	`130`	`returnData, err := strconv.Atoi(str)`
`131`	`131`	`if err != nil {`
`132`	`132`	`if TibiaDataDebug {`
`133`		`- log.Printf("[warning] TibiaDataStringToInteger: failed to parse '%s' as integer - returning 0", data)`
	`133`	`+ sanitized := strings.ReplaceAll(strings.ReplaceAll(data, "\n", "_"), "\r", "_")`
	`134`	`+ log.Printf("[warning] TibiaDataStringToInteger: failed to parse '%s' as integer - returning 0", sanitized)`
`134`	`135`	`}`
`135`	`136`	`return 0`
`136`	`137`	`}`