Refine workshop validation checks and table-name sanitization

Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/1575c81b-f8a7-433a-8f3b-e068c0992c18 Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
2026-05-08 13:00:18 +00:00 · 2026-05-08 13:00:18 +00:00 · fff379edd8
commit fff379edd8
parent 72668cdfbe
3 changed files with 18 additions and 3 deletions
--- a/modules/steam_workshop/agent_update_workshop.php
+++ b/modules/steam_workshop/agent_update_workshop.php
@ -354,6 +354,9 @@ function sw_agent_steamcmd_download(array $mod, array $profile, array $tpl_vars,

    // Validate that steamcmd exists
    if (!$dry_run) {
+        if (!is_file($steamcmd)) {
+            return array('ok' => false, 'error' => "SteamCMD not found: $steamcmd");
+        }
        if (!is_executable($steamcmd)) {
            return array('ok' => false, 'error' => "SteamCMD is not executable: $steamcmd");
        }
--- a/modules/steam_workshop/module.php
+++ b/modules/steam_workshop/module.php
@ -36,14 +36,19 @@ if (!function_exists('sw_module_db_prefix')) {
 if (!function_exists('sw_module_table')) {
    function sw_module_table($table)
    {
-        return '`' . sw_module_db_prefix() . $table . '`';
+        return '`' . sw_module_table_name($table) . '`';
    }
 }

 if (!function_exists('sw_module_table_name')) {
    function sw_module_table_name($table)
    {
-        return sw_module_db_prefix() . $table;
+        $prefix = preg_replace('/[^a-zA-Z0-9_]/', '', (string)sw_module_db_prefix());
+        $name = preg_replace('/[^a-zA-Z0-9_]/', '', (string)$table);
+        if ($prefix === '') {
+            $prefix = 'gsp_';
+        }
+        return $prefix . $name;
    }
 }

--- a/modules/steam_workshop/user.php
+++ b/modules/steam_workshop/user.php
@ -476,6 +476,14 @@ function sw_user_render($db, $home_id, array $home, array $profile)
        </thead>
        <tbody>
        <?php foreach ($mods as $idx => $mod): ?>
+          <?php
+          $shortError = '';
+          if (!empty($mod['last_error'])) {
+              $shortError = (strlen($mod['last_error']) > 70)
+                  ? (substr($mod['last_error'], 0, 67) . '...')
+                  : $mod['last_error'];
+          }
+          ?>
          <tr style="<?= !$mod['enabled'] ? 'opacity:0.55;' : '' ?>">
            <td><?= $idx + 1 ?></td>
            <td style="font-family:monospace;"><?= sw_h($mod['workshop_id']) ?></td>
@ -518,7 +526,6 @@ function sw_user_render($db, $home_id, array $home, array $profile)
              ?>
            </td>
            <td><?= !empty($mod['last_updated_at']) ? sw_h($mod['last_updated_at']) : '-' ?></td>
-            <?php $shortError = !empty($mod['last_error']) ? (strlen($mod['last_error']) > 70 ? (substr($mod['last_error'], 0, 67) . '...') : $mod['last_error']) : ''; ?>
            <td title="<?= sw_h($mod['last_error'] ?? '') ?>"><?= $shortError !== '' ? sw_h($shortError) : '-' ?></td>
            <td style="white-space:nowrap;">
              <form method="post" action="<?= sw_h($base_url) ?>" style="display:inline;">