From f96507c0ed31c045f9c888b66825cb2c7d1d64f5 Mon Sep 17 00:00:00 2001
From: darknoon29 <darknoon@darkcity.fr>
Date: Wed, 5 Feb 2020 13:54:36 +0100
Subject: [PATCH 1/2] Escape " in JSON Arrays

---
 install.php | 4 ++--
 update.php  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/install.php b/install.php
index 15e313b..4f3bd23 100644
--- a/install.php
+++ b/install.php
@@ -46,11 +46,11 @@
 $db->sql_query($query);
 
 // on insère les valeurs de configuration par défaut
-$sqldata = '{"transp":75,"layer":1,"defenseur":1,"histo":1}';
+$sqldata = '{\"transp\":75,\"layer\":1,\"defenseur\":1,\"histo\":1}';
 mod_set_option('config', $sqldata);
 
 // on insère les valeurs bbcodes par défaut
-$sqldata = '{"title":"#FFA500","m_g":"#00FF40","c_g":"#00FF40","d_g":"#00FF40","m_r":"#00FF40","c_r":"#00FF40","perte":"#FF0000","renta":"#00FF40"}';
+$sqldata = '{\"title\":\"#FFA500\",\"m_g\":\"#00FF40\",\"c_g\":\"#00FF40\",\"d_g\":\"#00FF40\",\"m_r\":\"#00FF40\",\"c_r\":\"#00FF40\",\"perte\":\"#FF0000\",\"renta\":\"#00FF40\"}';
 mod_set_option('bbcodes', $sqldata);
 
 //On vérifie que la table xtense_callbacks existe (Xtense2)
diff --git a/update.php b/update.php
index 68c463b..1c5e98e 100755
--- a/update.php
+++ b/update.php
@@ -34,11 +34,11 @@
 if (version_compare( $version , '2.0.0.', '<')) {
 
     // on insère les valeurs de configuration par défaut car changement de format de données
-    $sqldata = '{"transp":75,"layer":1,"defenseur":1,"histo":1}';
+    $sqldata = '{\"transp\":75,\"layer\":1,\"defenseur\":1,\"histo\":1}';
     mod_set_option('config', $sqldata);
 
 // on insère les valeurs bbcodes par défaut
-    $sqldata = '{"title":"#FFA500","m_g":"#00FF40","c_g":"#00FF40","d_g":"#00FF40","m_r":"#00FF40","c_r":"#00FF40","perte":"#FF0000","renta":"#00FF40"}';
+    $sqldata = '{\"title\":\"#FFA500\",\"m_g\":\"#00FF40\",\"c_g\":\"#00FF40\",\"d_g\":\"#00FF40\",\"m_r\":\"#00FF40\",\"c_r\":\"#00FF40\",\"perte\":\"#FF0000\",\"renta\":\"#00FF40\"}';
     mod_set_option('bbcodes', $sqldata);
 }
 

From 6bb537be1cc00562911f286360ccf87b77f5cd23 Mon Sep 17 00:00:00 2001
From: darknoon29 <darknoon@darkcity.fr>
Date: Wed, 12 Feb 2020 10:35:03 +0100
Subject: [PATCH 2/2] Correctif Callback Xtense

---
 _xtense.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/_xtense.php b/_xtense.php
index 54484cb..2bf0754 100644
--- a/_xtense.php
+++ b/_xtense.php
@@ -74,7 +74,7 @@ function attack_rc($rapport)
         return FALSE;
 
     //On regarde dans les coordonnées de l'espace personnel du joueur qui insère les données via le plugin si il fait partie des attaquants et/ou des défenseurs
-    $query = "SELECT coordinates FROM " . TABLE_USER_BUILDING . " WHERE user_id='" . $user_data['user_id'] . "'";
+    $query = "SELECT `coordinates` FROM " . TABLE_USER_BUILDING . " WHERE `user_id` ='" . $user_data['user_id'] . "'";
     $result = $db->sql_query($query);
     $coordinates = array();
     while ($coordinate = $db->sql_fetch_row($result))
@@ -130,7 +130,7 @@ function attack_rc($rapport)
         }
 
         //On vérifie que cette attaque n'a pas déja été enregistrée
-        $query = "SELECT attack_id FROM " . TABLE_ATTAQUES_ATTAQUES . " WHERE attack_user_id='" . $user_data['user_id'] . "' AND attack_date='$timestamp' AND attack_coord='$coord_attaque' ";
+        $query = "SELECT `attack_id` FROM " . TABLE_ATTAQUES_ATTAQUES . " WHERE `attack_user_id` ='" . $user_data['user_id'] . "' AND `attack_date`='$timestamp' AND `attack_coord`='$coord_attaque' ";
         $result = $db->sql_query($query);
         $nb = $db->sql_numrows($result);
 
@@ -162,7 +162,7 @@ function attack_rr($rapport)
         $timestamp = $rapport['time'];
         $coordonne = $rapport['coords'][0] . ":" . $rapport['coords'][1] . ":" . $rapport['coords'][2];
         //On vérifie que ce recyclage n'a pas déja été enregistrée
-        $query = "SELECT recy_id FROM " . TABLE_ATTAQUES_RECYCLAGES . " WHERE recy_user_id='" . $user_data['user_id'] . "' AND recy_date='$timestamp' AND recy_coord='$coordonne' ";
+        $query = "SELECT `recy_id` FROM " . TABLE_ATTAQUES_RECYCLAGES . " WHERE `recy_user_id` ='" . $user_data['user_id'] . "' AND `recy_date` ='$timestamp' AND `recy_coord` ='$coordonne' ";
         $result = $db->sql_query($query);
         $nb = $db->sql_numrows($result);
         // Si on ne trouve rien
@@ -182,8 +182,8 @@ function read_config ()
     global $attack_config;
     
     //récupération des paramètres de config
-    var $configs = mod_get_option('config');
-    foreach($configs as $config) $attack_config = unserialize($config);
+    $configs = mod_get_option('config');
+    foreach($configs as $config) $attack_config = json_decode($config);
 }
 
 /*