I don't know how to squash this security vulnerability, so mark where it is.

No fix was detected upstream*. Vulnerability only happens when printing
unsanitzed user input. I'll try to contact 4144, but he is MIA since May,
might have been swallowed by the war, so if he doesn't reply I'll hunt someone
else to test it in Hercules upstream.

*: Naturally, I at very least cherry-pick any security fix they commit and I see

1 files changed, 5 insertions, 0 deletions

diff --git a/src/emap/script_buildins.c b/src/emap/script_buildins.c
index e9b8006..177b65c 100644
--- a/src/emap/script_buildins.c
+++ b/src/emap/script_buildins.c
@@ -3155,6 +3155,7 @@ BUILDIN(debugmes)
 		return false;
 	}
 
+    // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
 	ShowDebug("script debug : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf));
 	StrBuf->Destroy(&buf);
 	script_pushint(st, 1);
@@ -3175,6 +3176,7 @@ BUILDIN(consolewarn)
 		return false;
 	}
 
+    // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
 	ShowWarning("script warning : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf));
 	StrBuf->Destroy(&buf);
 	script_pushint(st, 1);
@@ -3195,6 +3197,7 @@ BUILDIN(consolebug)
 		return false;
 	}
 
+    // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
 	ShowError("script error : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf));
 	StrBuf->Destroy(&buf);
 	script_pushint(st, 1);
@@ -3215,7 +3218,9 @@ BUILDIN(consoleinfo)
 		return false;
 	}
 
+    // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
 	ShowDebug("script notice : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf));
+    // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
 	ShowNotice("%s\n", StrBuf->Value(&buf));
 	StrBuf->Destroy(&buf);
 	script_pushint(st, 1);