mangos-mirror/server
0
0
Fork 0
mirror of https://github.com/mangosfour/server.git synced 2025-12-16 22:37:02 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[9196] Prevent corrupt in-game used strings by DB escaping.

Browse source
This commit is contained in:
VladimirMangos 2010-01-17 05:52:21 +03:00
parent dd27fa0f6e
commit b0809f63b2
3 changed files with 10 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/game/SocialMgr.cpp
View file

@ -114,8 +114,9 @@ void PlayerSocial::SetFriendNote(uint32 friend_guid, std::string note)
utf8truncate(note,48); // DB and client size limitation utf8truncate(note,48); // DB and client size limitation
CharacterDatabase.escape_string(note); std::string safe_note = note;
CharacterDatabase.PExecute("UPDATE character_social SET note = '%s' WHERE guid = '%u' AND friend = '%u'", note.c_str(), GetPlayerGUID(), friend_guid); CharacterDatabase.escape_string(safe_note);
CharacterDatabase.PExecute("UPDATE character_social SET note = '%s' WHERE guid = '%u' AND friend = '%u'", safe_note.c_str(), GetPlayerGUID(), friend_guid);
m_playerSocialMap[friend_guid].Note = note; m_playerSocialMap[friend_guid].Note = note;
} }

10
src/game/WorldSession.cpp
View file

@ -626,8 +626,9 @@ void WorldSession::SetAccountData(AccountDataType type, time_t time_, std::strin
CharacterDatabase.BeginTransaction (); CharacterDatabase.BeginTransaction ();
CharacterDatabase.PExecute("DELETE FROM account_data WHERE account='%u' AND type='%u'", acc, type); CharacterDatabase.PExecute("DELETE FROM account_data WHERE account='%u' AND type='%u'", acc, type);
CharacterDatabase.escape_string(data); std::string safe_data = data;
CharacterDatabase.PExecute("INSERT INTO account_data VALUES ('%u','%u','%u','%s')", acc, type, (uint32)time_, data.c_str()); CharacterDatabase.escape_string(safe_data);
CharacterDatabase.PExecute("INSERT INTO account_data VALUES ('%u','%u','%u','%s')", acc, type, (uint32)time_, safe_data.c_str());
CharacterDatabase.CommitTransaction (); CharacterDatabase.CommitTransaction ();
} }
else else
@ -638,8 +639,9 @@ void WorldSession::SetAccountData(AccountDataType type, time_t time_, std::strin
CharacterDatabase.BeginTransaction (); CharacterDatabase.BeginTransaction ();
CharacterDatabase.PExecute("DELETE FROM character_account_data WHERE guid='%u' AND type='%u'", m_GUIDLow, type); CharacterDatabase.PExecute("DELETE FROM character_account_data WHERE guid='%u' AND type='%u'", m_GUIDLow, type);
CharacterDatabase.escape_string(data); std::string safe_data = data;
CharacterDatabase.PExecute("INSERT INTO character_account_data VALUES ('%u','%u','%u','%s')", m_GUIDLow, type, (uint32)time_, data.c_str()); CharacterDatabase.escape_string(safe_data);
CharacterDatabase.PExecute("INSERT INTO character_account_data VALUES ('%u','%u','%u','%s')", m_GUIDLow, type, (uint32)time_, safe_data.c_str());
CharacterDatabase.CommitTransaction (); CharacterDatabase.CommitTransaction ();
} }

2
src/shared/revision_nr.h
View file

@ -1,4 +1,4 @@
#ifndef __REVISION_NR_H__ #ifndef __REVISION_NR_H__
#define __REVISION_NR_H__ #define __REVISION_NR_H__
#define REVISION_NR "9195" #define REVISION_NR "9196"
#endif // __REVISION_NR_H__ #endif // __REVISION_NR_H__