Fix branch

CHANGELOG.md

@@ -1,5 +1,51 @@
 # Changelog
 
+## [0.8.22 - 27.01.2025]
+
+### Changed
+* Better exception handler, which clears the whole html output, so the message is better visible + better style (https://github.com/slawkens/myaac/commit/c304a9ab43bf0bda41907db3e6f65293350640a2 + https://github.com/slawkens/myaac/commit/7abc3c78334d44fb64684b26d8a305d0fe676caa)
+* Optimize $player->isOnline() function, thanks @gesior (https://github.com/slawkens/myaac/commit/7c3ebf70fa4751af986be7b46ee3530d4875271e)
+* All $cache->set calls should have $ttl (https://github.com/slawkens/myaac/commit/37ba9c7366139778d09d1316d7cb49a255165778)
+
+### Fixed
+* exception in lostaccount.php - $account->getName() (https://github.com/slawkens/myaac/commit/d390ea325e2dbfd87a830cfe40991f58e07a87a1)
+
+## [0.8.21 - 09.01.2025]
+
+### Added
+* support for button_color (red, green, blue) (https://github.com/slawkens/myaac/commit/b2c9eb474513650a014352d820602b8007eb3bf3)
+
+### Changed
+* Set default_socket_timeout for ipinfo.io checkup (https://github.com/slawkens/myaac/commit/e09fe517747e4f462c72395ede39759bf308d171)
+
+### Fixed
+* XSS in forum (https://github.com/slawkens/myaac/commit/580b888b1dd1317d7ccf5f888536159c3bfe4324)
+* move_thread by unauthorized user (https://github.com/slawkens/myaac/commit/19d3e15c114de65ef6c379e4da66d32138a0e7c4)
+* change sex wrong price deducted (https://github.com/slawkens/myaac/commit/39b19ed4c8724385ee80f7d02219e84f6b3f5d95)
+* fix for TFS 1.4.2 exception on creating character, where conditions column is NULL (https://github.com/slawkens/myaac/commit/5a68d204bb24392d424efde4133b0a3222e788bb)
+
+## [0.8.20 - 26.11.2024]
+
+Small fix regarding the latest release and the linux system.
+
+Download this one, instead of the 0.8.19 if you are using linux.
+
+If you are using 0.8.19, make this update:
+
+The fix is to make this change in the system/libs/hooks.php
+
+Change
+```
+require_once LIBS . 'src/plugins.php';
+```
+
+Into:
+```
+require_once LIBS . 'src/Plugins.php';
+```
+
+Yeah, we just changed 'p' to 'P' - that's just case-sensitive nature of linux.
+
 ## [0.8.19 - 19.11.2024]
 
 ### Added

common.php

@@ -26,7 +26,7 @@
 if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.8.19');
+define('MYAAC_VERSION', '0.8.22');
 define('DATABASE_VERSION', 33);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));

index.php

@@ -24,6 +24,7 @@
  * @link      https://my-aac.org
  */
 
+ob_start();
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 
@@ -221,7 +222,7 @@ if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_stat
 		if(fetchDatabaseConfig('last_usage_report', $value)) {
 			$should_report = time() > (int)$value + $report_time;
 			if($cache->enabled()) {
-				$cache->set('last_usage_report', $value);
+				$cache->set('last_usage_report', $value, 60 * 60);
 			}
 		}
 		else {
@@ -236,7 +237,7 @@ if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_stat
 
 		updateDatabaseConfig('last_usage_report', time());
 		if($cache->enabled()) {
-			$cache->set('last_usage_report', time());
+			$cache->set('last_usage_report', time(), 60 * 60);
 		}
 	}
 }

install/template/template.php

@@ -1,3 +1,4 @@
+<?php defined('MYAAC') or die('Direct access not allowed!'); ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
 <head>

nginx-sample.conf

@@ -12,10 +12,6 @@ server {
 		deny all;
 	}
 
-	location /vendor {
-		deny all;
-	}
-
 	# block .htaccess, CHANGELOG.md, composer.json etc.
 	# this is to prevent finding software versions
 	location ~\.(ht|md|json|dist)$ {

release.sh

@@ -22,7 +22,7 @@ if [ $1 = "prepare" ]; then
 	mkdir -p tmp
 
 	# get myaac from git archive
-	git archive --format zip --output tmp/myaac.zip master
+	git archive --format zip --output tmp/myaac.zip 0.8
 
 	cd tmp/ || exit
 

system/exception.php

@@ -37,12 +37,14 @@ function exception_handler($exception) {
 	}
 
 	// display beautiful error message
-	// the file is .twig.html, but its not really parsed by Twig
+	// the file is .twig.html, but it's not really parsed by Twig
 	// we just replace some values manually
 	// cause in case Twig throws exception, we can show it too
 	$content = file_get_contents($template_file);
 	$content = str_replace(array('{{ BASE_URL }}', '{{ exceptionClass }}', '{{ message }}', '{{ backtrace }}', '{{ powered_by }}'), array(BASE_URL, get_class($exception), $message, $backtrace_formatted, base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4=')), $content);
 
+	@ob_clean();
+
 	echo $content;
 }
 

system/hooks.php

@@ -61,7 +61,7 @@ define('HOOK_FIRST', HOOK_STARTUP);
 define('HOOK_LAST', HOOK_EMAIL_CONFIRMED);
 
 require_once LIBS . 'plugins.php';
-require_once LIBS . 'src/plugins.php';
+require_once LIBS . 'src/Plugins.php';
 
 class Hook
 {

system/init.php

@@ -74,8 +74,8 @@ if($config_lua_reload) {
 
 	// cache config
 	if($cache->enabled()) {
-		$cache->set('config_lua', serialize($config['lua']), 120);
+		$cache->set('config_lua', serialize($config['lua']), 2 * 60);
-		$cache->set('server_path', $config['server_path']);
+		$cache->set('server_path', $config['server_path'], 10 * 60);
 	}
 }
 unset($tmp);

system/libs/pot/OTS_Player.php

@@ -108,6 +108,8 @@ class OTS_Player extends OTS_Row_DAO
 		POT::SKILL_SHIELD => array('value' => 0, 'tries' => 0),
 		POT::SKILL_FISH => array('value' => 0, 'tries' => 0)
 	);
+
+	private static array $playersOnline;
 /**
  * Magic PHP5 method.
  *
@@ -765,10 +767,18 @@ class OTS_Player extends OTS_Row_DAO
 
 	public function isOnline()
 	{
-		if($this->db->hasTable('players_online')) // tfs 1.0
+		if($this->db->hasTable('players_online')) {// tfs 1.0
-		{
+			if (!isset(self::$playersOnline)) {
-			$query = $this->db->query('SELECT `player_id` FROM `players_online` WHERE `player_id` = ' . $this->data['id']);
+				self::$playersOnline = [];
-			return $query->rowCount() > 0;
+
+				$query = $this->db->query('SELECT `player_id` FROM `players_online`');
+
+				foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $item) {
+					self::$playersOnline[$item['player_id']] = true;
+				}
+			}
+
+			return isset(self::$playersOnline[$this->data['id']]);
 		}
 
 		if( !isset($this->data['online']) )
@@ -1745,11 +1755,6 @@ class OTS_Player extends OTS_Row_DAO
  */
     public function getConditions()
     {
-        if( !isset($this->data['conditions']) )
-        {
-            throw new E_OTS_NotLoaded();
-        }
-
         return $this->data['conditions'];
     }
 

system/pages/account/change_sex.php

@@ -59,7 +59,7 @@ else
 							$new_sex_str = $config['genders'][$new_sex];
 
 						$player->save();
-						$account_logged->setCustomField("premium_points", $points - $config['account_change_character_name_points']);
+						$account_logged->setCustomField('premium_points', $points - $config['account_change_character_sex_points']);
 						$account_logged->logAction('Changed sex on character <b>' . $player->getName() . '</b> from <b>' . $old_sex_str . '</b> to <b>' . $new_sex_str . '</b>.');
 						$twig->display('success.html.twig', array(
 							'title' => 'Character Sex Changed',

system/pages/createaccount.php

@@ -302,7 +302,9 @@ if($config['account_country_recognize']) {
 		$country_recognized = $country_session;
 	}
 	else {
-		$info = json_decode(@file_get_contents('http://ipinfo.io/' . get_browser_real_ip() . '/geo'), true);
+		ini_set('default_socket_timeout', 5);
+
+		$info = json_decode(@file_get_contents('https://ipinfo.io/' . get_browser_real_ip() . '/geo'), true);
 		if(isset($info['country'])) {
 			$country_recognized = strtolower($info['country']);
 			setSession('country', $country_recognized);

system/pages/forum/edit_post.php

@@ -23,7 +23,7 @@ if(Forum::canPost($account_logged))
 	if(isset($thread['id']))
 	{
 		$first_post = $db->query("SELECT `" . FORUM_TABLE_PREFIX . "forum`.`author_guid`, `" . FORUM_TABLE_PREFIX . "forum`.`author_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_smile`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $thread['first_post']." LIMIT 1")->fetch();
-		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.$first_post['post_topic'].'</a> >> <b>Edit post</b>';
+		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.htmlspecialchars($first_post['post_topic']).'</a> >> <b>Edit post</b>';
 		if(Forum::hasAccess($thread['section'] && ($account_logged->getId() == $thread['author_aid'] || Forum::isModerator())))
 		{
 			$char_id = $post_topic = $text = $smile = $html = null;

system/pages/forum/move_thread.php

@@ -12,6 +12,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 if(!Forum::isModerator()) {
 	echo 'You are not logged in or you are not moderator.';
+	return;
 }
 
 $save = isset($_REQUEST['save']) && (int)$_REQUEST['save'] == 1;

system/pages/forum/new_post.php

@@ -24,7 +24,7 @@ if(Forum::canPost($account_logged))
 
 	if(isset($thread['id']) && Forum::hasAccess($thread['section']))
 	{
-		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.$thread['post_topic'].'</a> >> <b>Post new reply</b><br /><h3>'.$thread['post_topic'].'</h3>';
+		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.htmlspecialchars($thread['post_topic']).'</a> >> <b>Post new reply</b><br /><h3>'.htmlspecialchars($thread['post_topic']).'</h3>';
 
 		$quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL;
 		$text = isset($_REQUEST['text']) ? stripslashes(trim($_REQUEST['text'])) : NULL;

system/pages/forum/show_board.php

@@ -62,7 +62,7 @@ if(isset($last_threads[0]))
 		if(Forum::isModerator())
 		{
 			echo '<a href="?subtopic=forum&action=move_thread&id='.$thread['id'].'"\')"><span style="color:darkgreen">[MOVE]</span></a>';
-			echo '<a href="?subtopic=forum&action=remove_post&id='.$thread['id'].'" onclick="return confirm(\'Are you sure you want remove thread > '.$thread['post_topic'].' <?\')"><span style="color: red">[REMOVE]</span></a>  ';
+			echo '<a href="?subtopic=forum&action=remove_post&id='.$thread['id'].'" onclick="return confirm(\'Are you sure you want remove thread > '.htmlspecialchars($thread['post_topic']).' <?\')"><span style="color: red">[REMOVE]</span></a>  ';
 		}
 
 		$player->load($thread['player_id']);
@@ -73,7 +73,7 @@ if(isset($last_threads[0]))
 		$player_account = $player->getAccount();
 		$canEditForum = $player_account->hasFlag(FLAG_CONTENT_FORUM) || $player_account->isAdmin();
 
-		echo '<a href="' . getForumThreadLink($thread['id']) . '">'.($canEditForum ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])) . '</a><br /><small>'.($canEditForum ? substr(strip_tags($thread['post_text']), 0, 50) : htmlspecialchars(substr($thread['post_text'], 0, 50))).'...</small></td><td>' . getPlayerLink($thread['name']) . '</td><td>'.(int) $thread['replies'].'</td><td>'.(int) $thread['views'].'</td><td>';
+		echo '<a href="' . getForumThreadLink($thread['id']) . '">'.htmlspecialchars($thread['post_topic']) . '</a><br /><small>'.($canEditForum ? substr(strip_tags($thread['post_text']), 0, 50) : htmlspecialchars(substr($thread['post_text'], 0, 50))).'...</small></td><td>' . getPlayerLink($thread['name']) . '</td><td>'.(int) $thread['replies'].'</td><td>'.(int) $thread['views'].'</td><td>';
 		if($thread['last_post'] > 0)
 		{
 			$last_post = $db->query("SELECT `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id']." AND `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 1")->fetch();

system/pages/lostaccount.php

@@ -93,7 +93,7 @@ elseif($action == 'sendcode')
 					$newcode = generateRandomString(30, true, false, true);
 					$mailBody = '
 					You asked to reset your ' . $config['lua']['serverName'] . ' password.<br/>
-					<p>Account name: '.$account->getName().'</p>
+					<p>Account ' . (USE_ACCOUNT_NAME ? 'Name' : 'Number') . ' ' .(USE_ACCOUNT_NAME ? $account->getName() : $account->getId()).'</p>
 					<br />
 					To do so, please click this link:
 					<p><a href="' . BASE_URL . '?subtopic=lostaccount&action=checkcode&code='.$newcode.'&character='.urlencode($nick).'">'.BASE_URL.'/?subtopic=lostaccount&action=checkcode&code='.$newcode.'&character='.urlencode($nick).'</a></p>
@@ -150,7 +150,7 @@ elseif($action == 'step1' && $action_type == 'reckey')
 			$account_key = $account->getCustomField('key');
 			if(!empty($account_key))
 			{
-						echo 'If you enter right recovery key you will see form to set new e-mail and password to account. To this e-mail will be send your new password and account name.<BR>
+						echo 'If you enter right recovery key you will see form to set new e-mail and password to account. To this e-mail will be send your new password and account ' . (USE_ACCOUNT_NAME ? 'Name' : 'Number') . '.<BR>
 						<FORM ACTION="?subtopic=lostaccount&action=step2" METHOD=post>
 						<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 						<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter your recovery key</B></TD></TR>
@@ -304,21 +304,22 @@ elseif($action == 'step3')
 							if($config_salt_enabled)
 								$account->setCustomField('salt', $salt);
 
-							echo 'Your account name, new password and new e-mail.<BR>
+							echo 'Your account ' . (USE_ACCOUNT_NAME ? 'name' : 'number') . ', new password and new e-mail.<BR>
 							<FORM ACTION="?subtopic=accountmanagement" onsubmit="return validate_form(this)" METHOD=post>
 							<INPUT TYPE=hidden NAME="character" VALUE="">
 							<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
-							<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Your account name, new password and new e-mail</B></TD></TR>
+							<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Your account ' . (USE_ACCOUNT_NAME ? 'Name' : 'Number') . ', new password and new e-mail</B></TD></TR>
 							<TR><TD BGCOLOR="'.$config['darkborder'].'">
-							Account name:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>'.$account->getName().'</b><BR>
+							Account ' . (USE_ACCOUNT_NAME ? 'Name' : 'Number') . ':&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>'.(USE_ACCOUNT_NAME ? $account->getName() : $account->getId()).'</b><BR>
 							New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>'.$new_pass.'</b><BR>
 							New e-mail address:&nbsp;<b>'.$new_email.'</b><BR>';
+
 							if($account->getCustomField('email_next') < time())
 							{
 								$mailBody = '
-								<h3>Your account name and new password!</h3>
+								<h3>Your account ' . (USE_ACCOUNT_NAME ? 'name' : 'number') . ' and new password!</h3>
 								<p>Changed password and e-mail to your account in Lost Account Interface on server <a href="'.BASE_URL.'"><b>'.$config['lua']['serverName'].'</b></a></p>
-								<p>Account name: <b>'.$account->getName().'</b></p>
+								<p>Account ' . (USE_ACCOUNT_NAME ? 'Name' : 'Number') . ': <b>'.(USE_ACCOUNT_NAME ? $account->getName() : $account->getId()).'</b></p>
 								<p>New password: <b>'.$new_pass.'</b></p>
 								<p>E-mail: <b>'.$new_email.'</b> (this e-mail)</p>
 								<br />
@@ -326,7 +327,7 @@ elseif($action == 'step3')
 
 								if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - New password to your account", $mailBody))
 								{
-									echo '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
+									echo '<br /><small>Sent e-mail with your account ' . (USE_ACCOUNT_NAME ? 'Name' : 'Number') . ' and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
 								}
 								else
 								{
@@ -423,7 +424,7 @@ elseif($action == 'checkcode')
 				<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
 				<INPUT TYPE=hidden NAME="code" VALUE="'.$code.'">
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
-				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & account name</B></TD></TR>
+				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & account ' . (USE_ACCOUNT_NAME ? 'Name' : 'Number') . '</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=password ID="passor" NAME="passor" VALUE="" SIZE="40")><BR />
 				Repeat new password:&nbsp;<INPUT TYPE=password ID="passor2" NAME="passor2" VALUE="" SIZE="40")><BR />
@@ -497,19 +498,19 @@ elseif($action == 'setnewpassword')
 					<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Changed password</B></TD></TR>
 					<TR><TD BGCOLOR="'.$config['darkborder'].'">
 					New password:&nbsp;<b>'.$newpassword.'</b><BR />
-					Account name:&nbsp;&nbsp;&nbsp;<i>(Already on your e-mail)</i><BR />';
+					Account ' . (USE_ACCOUNT_NAME ? 'Name' : 'Number') . ':&nbsp;&nbsp;&nbsp;<i>(Already on your e-mail)</i><BR />';
 
 					$mailBody = '
-					<h3>Your account name and password!</h3>
+					<h3>Your account ' . (USE_ACCOUNT_NAME ? 'Name' : 'Number') . ' and password!</h3>
 					<p>Changed password to your account in Lost Account Interface on server <a href="'.BASE_URL.'"><b>'.$config['lua']['serverName'].'</b></a></p>
-					<p>Account name: <b>'.$account->getName().'</b></p>
+					<p>Account ' . (USE_ACCOUNT_NAME ? 'Name' : 'Number') . ': <b>'.(USE_ACCOUNT_NAME ? $account->getName() : $account->getId()).'</b></p>
 					<p>New password: <b>'.$newpassword.'</b></p>
 					<br />
 					<p><u>It\'s automatic e-mail from OTS Lost Account System. Do not reply!</u></p>';
 
 					if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - Your new password", $mailBody))
 					{
-						echo '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
+						echo '<br /><small>New password work! Sent e-mail with your password and account ' . (USE_ACCOUNT_NAME ? 'Name' : 'Number') . '. You should receive this e-mail in 15 minutes. You can login now with new password!';
 					}
 					else
 					{

system/template.php

@@ -83,7 +83,7 @@ else {
 		unset($file);
 
 		if ($cache->enabled()) {
-			$cache->set('template_ini_' . $template_name, serialize($template_ini));
+			$cache->set('template_ini_' . $template_name, serialize($template_ini), 10 * 60);
 		}
 	}
 }

system/templates/exception.html.twig

@@ -18,8 +18,6 @@
 			font-family: Verdana, Geneva, sans-serif;
 		}
 		.center {
-			height: 500px;
-			position: absolute;
 			top:0;
 			bottom: 0;
 			left: 0;
@@ -38,7 +36,7 @@
 		}
 
 		#footer {
-			position: absolute;
+			margin-top: 20px;
 			bottom: 15px;
 			width: 100%;
 

system/templates/forum.new_post.html.twig

@@ -49,7 +49,7 @@
 <table width="100%">
 	<tr bgcolor="{{ config.vdarkborder }}">
 		<td colspan="2">
-			<span style="color: white"><b>Last 5 posts from thread: {{ topic|raw }}</b></span>
+			<span style="color: white"><b>Last 5 posts from thread: {{ topic }}</b></span>
 		</td>
 	</tr>
 	{% set i = 0 %}

templates/tibiacom/buttons.base.html.twig

@@ -1,8 +1,19 @@
-{% spaceless %}
+{% apply spaceless %}
-<div class="BigButton" style="background-image:url({{ template_path }}/images/global/buttons/button_blue.gif)">
+
+	{% set tmp_image = 'sbutton' %}
+
+	{% if button_color is defined %}
+		{% if button_color == 'green' %}
+			{% set tmp_image = 'sbutton_green' %}
+		{% elseif button_color == 'red' %}
+			{% set tmp_image = 'sbutton_red' %}
+		{% endif %}
+	{% endif %}
+
+	<div class="BigButton" style="background-image:url({{ template_path }}/images/global/buttons/{{ tmp_image }}.gif)">
 		<div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);">
-		<div class="BigButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/{% if button_color is defined and button_color == 'green' %}button_green{% else %}button_blue_over{% endif %}.gif);" ></div>
+			<div class="BigButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/{{ tmp_image }}_over.gif);" ></div>
 			<input class="BigButtonText" type="submit" value="{{ button_name }}">
 		</div>
 	</div>
-{% endspaceless %}
+{% endapply %}