From 9d3e3945b237b15a43f9a0f2fd3caccfbaf06f30 Mon Sep 17 00:00:00 2001
From: BodgeMaster <>
Date: Wed, 8 Apr 2020 03:02:54 +0200
Subject: [PATCH] fixed invalid escape string
---
 variable_grabbler.pass1.json | 2 +-
 variable_grabbler.pass2.json | 2 +-
 variable_grabbler.py | 7 ++++---
 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/variable_grabbler.pass1.json b/variable_grabbler.pass1.json
index 406a53f..e70ad73 100644
--- a/variable_grabbler.pass1.json
+++ b/variable_grabbler.pass1.json
@@ -1,4 +1,4 @@
 {
 "STYLESHEET":"",
-"REQUIRE_LOGIN":"if (!$login) { header(\"Location: https:\/\/lostcave.ddnss.de%CONTENT_DIR%\/login\/\?error=session\"); die(); }"
+"REQUIRE_LOGIN":"if (!$login) { header(\"Location: https:\/\/lostcave.ddnss.de%CONTENT_DIR%\/login\/\\?error=session\"); die(); }"
 }
diff --git a/variable_grabbler.pass2.json b/variable_grabbler.pass2.json
index 05ed073..0289b9a 100644
--- a/variable_grabbler.pass2.json
+++ b/variable_grabbler.pass2.json
@@ -1,6 +1,6 @@
 {
 "CONTENT_DIR":"/common/threadr",
-"NO_CHEAP_SESSION_STEALING":"if (isset($_SESSION['user_id'])) {if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){ $_SESSION = array(); if (ini_get(\"session.use_cookies\")){ $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]); } session_destroy(); header(\"Location: https://lostcave.ddnss.de/common/threadr/login/\?error=session\"); die();}}",
+"NO_CHEAP_SESSION_STEALING":"if (isset($_SESSION['user_id'])) {if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){ $_SESSION = array(); if (ini_get(\"session.use_cookies\")){ $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]); } session_destroy(); header(\"Location: https://lostcave.ddnss.de/common/threadr/login/\\?error=session\"); die();}}",
 "SET_LOGIN_VARIABLE":"if (isset($_SESSION['user_id'])) { $login = true; } else { $login = false; }",
 "PLEAZE_NO_CACHE":"header('Cache-Control: no-cache, no-store, must-revalidate');header('Pragma: no-cache');header('Expires: 0');",
 "FORCE_LOGOUT":"$_SESSION = array(); if (ini_get('session.use_cookies')) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);} session_destroy();",
diff --git a/variable_grabbler.py b/variable_grabbler.py
index f856b81..f0bb37c 100644
--- a/variable_grabbler.py
+++ b/variable_grabbler.py
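Review bot: The check in `NO_CHEAP_SESSION_STEALING` compares with loose `!=` and ties the session to two weak signals: `HTTP_USER_AGENT` is a client-supplied header that travels with any replayed request, and `REMOTE_ADDR` is shared behind NAT or a proxy and changes for legitimate roaming users. I would use strict comparison, `$_SESSION['user_ip']!==$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!==$_SERVER['HTTP_USER_AGENT']`, and treat this as a secondary control next to `session_regenerate_id(true)` at login and the session cookie's `secure`/`httponly` settings, none of which are visible in this hunk. The teardown sequence also repeats `FORCE_LOGOUT` from the same file, and the redirect hard-codes `/common/threadr` where pass 1's `REQUIRE_LOGIN` uses `%CONTENT_DIR%`; if the tool's substitution order allows it, reusing those would keep the copies from drifting apart.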
@@ -6,9 +6,10 @@ Variable Grabbler - version 4.0_pre1
 ################################################################
 # Changes in this version:
 #===============================================================
-# *"\?" in a variable will now be replaced with a simple ? before
-# processing
-# *commands are now not run over and over again fi not needed
+# *"\?" in a variable will now be replaced with a simple ?
+# before processing, remember to double escape that because
+# json (=> \\?)
+# *commands are now not run over and over again if not needed
 #
 ################################################################