From 92bfb59effff9343fb877939ba9d2ce919cb1f40 Mon Sep 17 00:00:00 2001
From: TheEssem <smswessem@gmail.com>
Date: Mon, 27 Jan 2020 16:04:10 -0600
Subject: [PATCH] Security fix for meme

---
 commands/meme.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/commands/meme.js b/commands/meme.js
index f82dd27..49d96e5 100644
--- a/commands/meme.js
+++ b/commands/meme.js
@@ -16,9 +16,9 @@ exports.run = async (message, args) => {
     if (error) throw error;
     gm(file).size((error, size) => {
       if (error) throw error;
-      gm().out("-size", size.width).background("none").gravity("Center").out("(", "(").font("Impact").out("-pointsize", 40).out(`pango:<span foreground='white'>${topText.toUpperCase()}</span>`).out(")", "(", "+clone").out("-channel", "A").out("-morphology", "EdgeOut", "Octagon", "+channel", "+level-colors", "black", ")").compose("DstOver").out(")", "-composite").write(file2, (error) => {
+      gm().out("-size", size.width).background("none").gravity("Center").out("(", "(").font("Impact").out("-pointsize", 40).out(`pango:<span foreground='white'>${topText.toUpperCase().replace(/&/g, "\\&amp;").replace(/>/g, "\\&gt;").replace(/</g, "\\&lt;").replace(/"/g, "\\&quot;").replace(/'/g, "\\&apos;")}</span>`).out(")", "(", "+clone").out("-channel", "A").out("-morphology", "EdgeOut", "Octagon", "+channel", "+level-colors", "black", ")").compose("DstOver").out(")", "-composite").write(file2, (error) => {
         if (error) throw error;
-        gm().out("-size", size.width).background("none").gravity("Center").out("(", "(").font("Impact").out("-pointsize", 40).out(`pango:<span foreground='white'>${bottomText ? bottomText.toUpperCase() : " "}</span>`).out(")", "(", "+clone").out("-channel", "A").out("-morphology", "EdgeOut", "Octagon", "+channel", "+level-colors", "black", ")").compose("DstOver").out(")", "-composite").write(file3, async (error) => {
+        gm().out("-size", size.width).background("none").gravity("Center").out("(", "(").font("Impact").out("-pointsize", 40).out(`pango:<span foreground='white'>${bottomText ? bottomText.toUpperCase().replace(/&/g, "\\&amp;").replace(/>/g, "\\&gt;").replace(/</g, "\\&lt;").replace(/"/g, "\\&quot;").replace(/'/g, "\\&apos;") : " "}</span>`).out(")", "(", "+clone").out("-channel", "A").out("-morphology", "EdgeOut", "Octagon", "+channel", "+level-colors", "black", ")").compose("DstOver").out(")", "-composite").write(file3, async (error) => {
           if (error) throw error;
           const data = gm(file).coalesce().out("null:").gravity("North").out(file2).out("-layers", "composite").out("null:").gravity("South").out(file3).out("-layers", "composite").out("-layers", "optimize");
           const resultBuffer = await gmToBuffer(data);