From d96b9a1380ad8ae4b7c377bee3e7e0e010b5a22a Mon Sep 17 00:00:00 2001
From: 0xb00bface <0xboobface@gmail.com>
Date: Sun, 19 Jul 2020 16:35:38 +0200
Subject: [PATCH] Escape passwords before injecting them Escape quotes in passwords before injecting them into the external browser, so that the injected javascript is valid and doesn't break
---
 .../java/ctbrec/ui/sites/bonga/BongaCamsElectronLoginDialog.java | 1 +
 .../main/java/ctbrec/ui/sites/cam4/Cam4ElectronLoginDialog.java | 1 +
 .../ctbrec/ui/sites/jasmin/LiveJasminElectronLoginDialog.java | 1 +
 .../java/ctbrec/ui/sites/showup/ShowupElectronLoginDialog.java | 1 +
 .../ctbrec/ui/sites/stripchat/StripchatElectronLoginDialog.java | 1 +
 5 files changed, 5 insertions(+)
diff --git a/client/src/main/java/ctbrec/ui/sites/bonga/BongaCamsElectronLoginDialog.java b/client/src/main/java/ctbrec/ui/sites/bonga/BongaCamsElectronLoginDialog.java
index 0627e4aa..21e60397 100644
--- a/client/src/main/java/ctbrec/ui/sites/bonga/BongaCamsElectronLoginDialog.java
+++ b/client/src/main/java/ctbrec/ui/sites/bonga/BongaCamsElectronLoginDialog.java
@@ -63,6 +63,7 @@ public class BongaCamsElectronLoginDialog {
 }
 String password = Config.getInstance().getSettings().bongaPassword;
 if (password != null && !password.trim().isEmpty()) {
+ password = password.replace("'", "\\'");
 browser.executeJavaScript("$('input[name=\"log_in[password]\"]').attr('value','" + password + "')");
 }
 String[] simplify = new String[] {
diff --git a/client/src/main/java/ctbrec/ui/sites/cam4/Cam4ElectronLoginDialog.java b/client/src/main/java/ctbrec/ui/sites/cam4/Cam4ElectronLoginDialog.java
index 6adc8f0d..7f79ea0a 100644
--- a/client/src/main/java/ctbrec/ui/sites/cam4/Cam4ElectronLoginDialog.java
+++ b/client/src/main/java/ctbrec/ui/sites/cam4/Cam4ElectronLoginDialog.java
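Review bot: The added `password.replace("'", "\\'")` in the BongaCams hunk escapes only the single quote, so a backslash in the stored password still reaches the JavaScript string literal unescaped: a password ending in `\` swallows the closing quote, and one containing `\'` becomes `\\'`, which closes the literal early and leaves the remainder of the password to be parsed as script in the login page. Escape the backslash first, `password = password.replace("\\", "\\\\").replace("'", "\\'");`, or build the literal with a JSON string encoder if one is already available to the client module, which would also cover line terminators. The same line is added in the Cam4, LiveJasmin, Showup and Stripchat hunks, so one shared helper would keep the five dialogs consistent. The enclosing method starts and ends outside each hunk; if the username is injected the same way above the first context line, it presumably needs the same treatment.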
@@ -62,6 +62,7 @@ public class Cam4ElectronLoginDialog {
 }
 String password = Config.getInstance().getSettings().cam4Password;
 if (password != null && !password.trim().isEmpty()) {
+ password = password.replace("'", "\\'");
 browser.executeJavaScript("document.querySelector('#loginPageForm input[name=\"password\"]').value = '" + password + "';");
 }
 browser.executeJavaScript("document.getElementById('footer').setAttribute('style', 'display:none');");
diff --git a/client/src/main/java/ctbrec/ui/sites/jasmin/LiveJasminElectronLoginDialog.java b/client/src/main/java/ctbrec/ui/sites/jasmin/LiveJasminElectronLoginDialog.java
index ebd97ca4..ab665a8e 100644
--- a/client/src/main/java/ctbrec/ui/sites/jasmin/LiveJasminElectronLoginDialog.java
+++ b/client/src/main/java/ctbrec/ui/sites/jasmin/LiveJasminElectronLoginDialog.java
@@ -60,6 +60,7 @@ public class LiveJasminElectronLoginDialog {
 }
 String password = Config.getInstance().getSettings().livejasminPassword;
 if (password != null && !password.trim().isEmpty()) {
+ password = password.replace("'", "\\'");
 browser.executeJavaScript("document.querySelector('#login_form input[name=\"password\"]').value = '" + password + "';");
 }
 browser.executeJavaScript("document.getElementById('header_container').setAttribute('style', 'display:none');");
diff --git a/client/src/main/java/ctbrec/ui/sites/showup/ShowupElectronLoginDialog.java b/client/src/main/java/ctbrec/ui/sites/showup/ShowupElectronLoginDialog.java
index 64a56c18..28375850 100644
--- a/client/src/main/java/ctbrec/ui/sites/showup/ShowupElectronLoginDialog.java
+++ b/client/src/main/java/ctbrec/ui/sites/showup/ShowupElectronLoginDialog.java
@@ -84,6 +84,7 @@ public class ShowupElectronLoginDialog {
 }
 String password = Config.getInstance().getSettings().showupPassword;
 if (password != null && !password.trim().isEmpty()) {
+ password = password.replace("'", "\\'");
 browser.executeJavaScript("$('input[name=\"password\"]').attr('value','" + password + "')");
 }
 browser.executeJavaScript("$('input[name=\"remember\"]').attr('value','true')");
diff --git a/client/src/main/java/ctbrec/ui/sites/stripchat/StripchatElectronLoginDialog.java b/client/src/main/java/ctbrec/ui/sites/stripchat/StripchatElectronLoginDialog.java
index 7eb49cc5..12c410d2 100644
--- a/client/src/main/java/ctbrec/ui/sites/stripchat/StripchatElectronLoginDialog.java
+++ b/client/src/main/java/ctbrec/ui/sites/stripchat/StripchatElectronLoginDialog.java
@@ -62,6 +62,7 @@ public class StripchatElectronLoginDialog {
 }
 String password = Config.getInstance().getSettings().stripchatPassword;
 if (password != null && !password.trim().isEmpty()) {
+ password = password.replace("'", "\\'");
 browser.executeJavaScript("document.querySelector('#login_password').value = '" + password + "';");
 }
 browser.executeJavaScript("document.querySelector('#recaptcha-checkbox-border').click();");