1 files changed, 5 insertions, 0 deletions

diff --git a/src/emap/script_buildins.c b/src/emap/script_buildins.c
index e9b8006..177b65c 100644
--- a/src/emap/script_buildins.c
+++ b/src/emap/script_buildins.c
@@ -3155,6 +3155,7 @@ BUILDIN(debugmes)
 		return false;
 	}
 
+    // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
 	ShowDebug("script debug : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf));
 	StrBuf->Destroy(&buf);
 	script_pushint(st, 1);
@@ -3175,6 +3176,7 @@ BUILDIN(consolewarn)
 		return false;
 	}
 
+    // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
 	ShowWarning("script warning : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf));
 	StrBuf->Destroy(&buf);
 	script_pushint(st, 1);
@@ -3195,6 +3197,7 @@ BUILDIN(consolebug)
 		return false;
 	}
 
+    // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
 	ShowError("script error : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf));
 	StrBuf->Destroy(&buf);
 	script_pushint(st, 1);
@@ -3215,7 +3218,9 @@ BUILDIN(consoleinfo)
 		return false;
 	}
 
+    // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
 	ShowDebug("script notice : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf));
+    // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
 	ShowNotice("%s\n", StrBuf->Value(&buf));
 	StrBuf->Destroy(&buf);
 	script_pushint(st, 1);