1 files changed, 26 insertions, 0 deletions

diff --git a/src/server/game/Handlers/TicketHandler.cpp b/src/server/game/Handlers/TicketHandler.cpp
index 17ebabb333..b7485443a8 100644
--- a/src/server/game/Handlers/TicketHandler.cpp
+++ b/src/server/game/Handlers/TicketHandler.cpp
@@ -61,6 +61,11 @@ void WorldSession::HandleGMTicketCreateOpcode(WorldPacket& recvData)
         recvData >> x >> y >> z;
         recvData >> message;
 
+        if (!ValidateHyperlinksAndMaybeKick(message))
+        {
+            return;
+        }
+
         recvData >> needResponse;
         recvData >> needMoreHelp;
 
@@ -96,6 +101,11 @@ void WorldSession::HandleGMTicketCreateOpcode(WorldPacket& recvData)
             recvData.rfinish(); // Will still have compressed data in buffer.
         }
 
+        if (!chatLog.empty() && !ValidateHyperlinksAndMaybeKick(chatLog))
+        {
+            return;
+        }
+
         ticket = new GmTicket(GetPlayer());
         ticket->SetPosition(mapId, x, y, z);
         ticket->SetMessage(message);
@@ -122,6 +132,11 @@ void WorldSession::HandleGMTicketUpdateOpcode(WorldPacket& recv_data)
     std::string message;
     recv_data >> message;
 
+    if (!ValidateHyperlinksAndMaybeKick(message))
+    {
+        return;
+    }
+
     GMTicketResponse response = GMTICKET_RESPONSE_UPDATE_ERROR;
     if (GmTicket* ticket = sTicketMgr->GetTicketByPlayer(GetPlayer()->GetGUID()))
     {
@@ -187,6 +202,7 @@ void WorldSession::HandleGMSurveySubmit(WorldPacket& recv_data)
 
     std::unordered_set<uint32> surveyIds;
     CharacterDatabaseTransaction trans = CharacterDatabase.BeginTransaction();
+
     // sub_survey1, r1, comment1, sub_survey2, r2, comment2, sub_survey3, r3, comment3, sub_survey4, r4, comment4, sub_survey5, r5, comment5, sub_survey6, r6, comment6, sub_survey7, r7, comment7, sub_survey8, r8, comment8, sub_survey9, r9, comment9, sub_survey10, r10, comment10,
     for (uint8 i = 0; i < 10; i++)
     {
@@ -200,6 +216,11 @@ void WorldSession::HandleGMSurveySubmit(WorldPacket& recv_data)
         std::string comment; // comment ("Usage: GMSurveyAnswerSubmit(question, rank, comment)")
         recv_data >> comment;
 
+        if (!ValidateHyperlinksAndMaybeKick(comment))
+        {
+            return;
+        }
+
         // make sure the same sub survey is not added to DB twice
         if (!surveyIds.insert(subSurveyId).second)
             continue;
@@ -215,6 +236,11 @@ void WorldSession::HandleGMSurveySubmit(WorldPacket& recv_data)
     std::string comment; // just a guess
     recv_data >> comment;
 
+    if (!ValidateHyperlinksAndMaybeKick(comment))
+    {
+        return;
+    }
+
     CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_INS_GM_SURVEY);
     stmt->setUInt32(0, GetPlayer()->GetGUID().GetCounter());
     stmt->setUInt32(1, nextSurveyID);