mangos-mirror/server
0
0
Fork 0
mirror of https://github.com/mangosfour/server.git synced 2025-12-15 01:37:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[9196] Prevent corrupt in-game used strings by DB escaping.

Browse source
This commit is contained in:
VladimirMangos 2010-01-17 05:52:21 +03:00
parent dd27fa0f6e
commit b0809f63b2
3 changed files with 10 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/game/WorldSession.cpp
View file

@ -626,8 +626,9 @@ void WorldSession::SetAccountData(AccountDataType type, time_t time_, std::strin
CharacterDatabase.BeginTransaction ();
CharacterDatabase.PExecute("DELETE FROM account_data WHERE account='%u' AND type='%u'", acc, type);
CharacterDatabase.escape_string(data);
CharacterDatabase.PExecute("INSERT INTO account_data VALUES ('%u','%u','%u','%s')", acc, type, (uint32)time_, data.c_str());
std::string safe_data = data;
CharacterDatabase.escape_string(safe_data);
CharacterDatabase.PExecute("INSERT INTO account_data VALUES ('%u','%u','%u','%s')", acc, type, (uint32)time_, safe_data.c_str());
CharacterDatabase.CommitTransaction ();
}
else
@ -638,8 +639,9 @@ void WorldSession::SetAccountData(AccountDataType type, time_t time_, std::strin
CharacterDatabase.BeginTransaction ();
CharacterDatabase.PExecute("DELETE FROM character_account_data WHERE guid='%u' AND type='%u'", m_GUIDLow, type);
CharacterDatabase.escape_string(data);
CharacterDatabase.PExecute("INSERT INTO character_account_data VALUES ('%u','%u','%u','%s')", m_GUIDLow, type, (uint32)time_, data.c_str());
std::string safe_data = data;
CharacterDatabase.escape_string(safe_data);
CharacterDatabase.PExecute("INSERT INTO character_account_data VALUES ('%u','%u','%u','%s')", m_GUIDLow, type, (uint32)time_, safe_data.c_str());
CharacterDatabase.CommitTransaction ();
}