mangos-mirror/server
0
0
Fork 0
mirror of https://github.com/mangosfour/server.git synced 2025-12-13 22:37:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[11863] Fix possible SQL injection for .tele add command. Close pull request #22

Browse source 
Signed-off-by: Schmoozerd <schmoozerd@scriptdev2.com>
This commit is contained in:
Vinolentus 2011-10-20 20:57:56 +04:00 committed by Schmoozerd
parent 396ce3b71d
commit ad5755f8ef
2 changed files with 12 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/game/ObjectMgr.cpp
View file

@ -8075,9 +8075,14 @@ bool ObjectMgr::AddGameTele(GameTele& tele)
wstrToLower(tele.wnameLow); wstrToLower(tele.wnameLow);
m_GameTeleMap[new_id] = tele; m_GameTeleMap[new_id] = tele;
std::string safeName(tele.name);
WorldDatabase.escape_string(safeName);
return WorldDatabase.PExecuteLog("INSERT INTO game_tele (id,position_x,position_y,position_z,orientation,map,name) VALUES (%u,%f,%f,%f,%f,%u,'%s')", return WorldDatabase.PExecuteLog("INSERT INTO game_tele "
new_id, tele.position_x, tele.position_y, tele.position_z, tele.orientation, tele.mapId, tele.name.c_str()); "(id,position_x,position_y,position_z,orientation,map,name) "
"VALUES (%u,%f,%f,%f,%f,%u,'%s')",
new_id, tele.position_x, tele.position_y, tele.position_z,
tele.orientation, tele.mapId, safeName.c_str());
} }
bool ObjectMgr::DeleteGameTele(const std::string& name) bool ObjectMgr::DeleteGameTele(const std::string& name)

2
src/shared/revision_nr.h
View file

@ -1,4 +1,4 @@
#ifndef __REVISION_NR_H__ #ifndef __REVISION_NR_H__
#define __REVISION_NR_H__ #define __REVISION_NR_H__
#define REVISION_NR "11862" #define REVISION_NR "11863"
#endif // __REVISION_NR_H__ #endif // __REVISION_NR_H__