pa/eqemu-server
2
0
Fork 0
mirror of https://github.com/EQEmu/Server.git synced 2026-03-29 12:32:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[Bug] Escape item name in trader audit. (#3540)

Browse Source 
* [Bug] Escape item name in trader audit.

Quick fix to escape the item names in Trader Audit.

* Update trading.cpp

---------

Co-authored-by: Alex King <89047260+Kinglykrab@users.noreply.github.com>
This commit is contained in:
Fryguy 2023-08-12 21:47:22 -04:00 committed by GitHub
parent 2bb7bba724
commit 730738faf9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
zone/trading.cpp
View File

@ -1459,10 +1459,17 @@ void Client::TradeRequestFailed(const EQApplicationPacket* app) {
static void BazaarAuditTrail(const char *seller, const char *buyer, const char *itemName, int quantity, int totalCost, int tranType) { static void BazaarAuditTrail(const char *seller, const char *buyer, const char *itemName, int quantity, int totalCost, int tranType) {
std::string query = StringFormat("INSERT INTO `trader_audit` " const std::string& query = fmt::format(
"(`time`, `seller`, `buyer`, `itemname`, `quantity`, `totalcost`, `trantype`) " "INSERT INTO `trader_audit` "
"VALUES (NOW(), '%s', '%s', '%s', %i, %i, %i)", "(`time`, `seller`, `buyer`, `itemname`, `quantity`, `totalcost`, `trantype`) "
seller, buyer, itemName, quantity, totalCost, tranType); "VALUES (NOW(), '{}', '{}', '{}', {}, {}, {})",
seller,
buyer,
Strings::Escape(itemName),
quantity,
totalCost,
tranType
);
database.QueryDatabase(query); database.QueryDatabase(query);
} }