pa/eqemu-server
2
0
Fork 0
mirror of https://github.com/EQEmu/Server.git synced 2025-12-18 11:21:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[Bug Fix] Spell Buckets/Globals SQL Escape. (#2019)

Browse Source
This commit is contained in:
Kinglykrab 2022-02-26 10:17:05 -05:00 committed by GitHub
parent 14648b96c4
commit 9f0989ee2d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 62 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
zone/spells.cpp
View File

@ -5478,31 +5478,36 @@ bool Client::SpellGlobalCheck(uint16 spell_id, uint32 char_id) {
std::string spell_global_name; std::string spell_global_name;
int spell_global_value; int spell_global_value;
int global_value; int global_value;
std::string query = StringFormat("SELECT qglobal, value FROM spell_globals WHERE spellid = %i", spell_id); std::string query = fmt::format("SELECT qglobal, value FROM spell_globals WHERE spellid = {}", spell_id);
auto results = database.QueryDatabase(query); auto results = database.QueryDatabase(query);
if (!results.Success()) { if (!results.Success()) {
return false; // Query failed, so prevent spell from scribing just in case return false; // Query failed, do not allow scribing.
} }
if (results.RowCount() != 1) if (!results.RowCount()) {
return true; // Spell ID isn't listed in the spells_global table, so it is not restricted from scribing return true; // Spell ID isn't listed in the spell_globals table, allow scribing,
}
auto row = results.begin(); auto row = results.begin();
spell_global_name = row[0]; spell_global_name = row[0];
spell_global_value = atoi(row[1]); spell_global_value = std::stoi(row[1]);
if (spell_global_name.empty()) if (spell_global_name.empty()) {
return true; // If the entry in the spell_globals table has nothing set for the qglobal name return true; // If the entry in the spell_globals table has nothing set for the qglobal name, allow scribing.
}
query = fmt::format(
"SELECT value FROM quest_globals WHERE charid = {} AND name = '{}'",
char_id,
EscapeString(spell_global_name)
);
query = StringFormat("SELECT value FROM quest_globals "
"WHERE charid = %i AND name = '%s'",
char_id, spell_global_name.c_str());
results = database.QueryDatabase(query); results = database.QueryDatabase(query);
if (!results.Success()) { if (!results.Success()) {
LogError( LogError(
"Spell ID [{}] query of spell_globals with Name: [{}] Value: [{}] failed", "Spell ID [{}] query of spell_globals with Name: [{}] Value: [{}] failed",
spell_id, spell_id,
spell_global_name.c_str(), spell_global_name,
spell_global_value spell_global_value
); );
@ -5513,27 +5518,24 @@ bool Client::SpellGlobalCheck(uint16 spell_id, uint32 char_id) {
LogError( LogError(
"Char ID: [{}] does not have the Qglobal Name: [{}] for Spell ID [{}]", "Char ID: [{}] does not have the Qglobal Name: [{}] for Spell ID [{}]",
char_id, char_id,
spell_global_name.c_str(), spell_global_name,
spell_id spell_id
); );
return false; return false;
} }
row = results.begin(); row = results.begin();
global_value = atoi(row[0]); global_value = std::stoi(row[0]);
if (global_value == spell_global_value) { if (global_value >= spell_global_value) { // If value is greater than or equal to spell global value, allow scribing.
return true; // If the values match from both tables, allow the spell to be scribed
}
else if (global_value > spell_global_value) {
return true; return true;
} // Check if the qglobal value is greater than the require spellglobal value }
// If no matching result found in qglobals, don't scribe this spell // If user's qglobal does not meet requirements, do not allow scribing.
LogError( LogError(
"Char ID: [{}] SpellGlobals Name: [{}] Value: [{}] did not match QGlobal Value: [{}] for Spell ID [{}]", "Char ID: [{}] SpellGlobals Name: [{}] Value: [{}] did not match QGlobal Value: [{}] for Spell ID [{}]",
char_id, char_id,
spell_global_name.c_str(), spell_global_name,
spell_global_value, spell_global_value,
global_value, global_value,
spell_id spell_id
@ -5546,26 +5548,35 @@ bool Client::SpellBucketCheck(uint16 spell_id, uint32 char_id) {
std::string spell_bucket_name; std::string spell_bucket_name;
int spell_bucket_value; int spell_bucket_value;
int bucket_value; int bucket_value;
std::string query = StringFormat("SELECT `key`, value FROM spell_buckets WHERE spellid = %i", spell_id); std::string query = fmt::format("SELECT `key`, value FROM spell_buckets WHERE spellid = {}", spell_id);
auto results = database.QueryDatabase(query); auto results = database.QueryDatabase(query);
if (!results.Success()) if (!results.Success()) {
return false; return false; // Query failed, do not allow scribing.
}
if (results.RowCount() != 1) if (!results.RowCount()) {
return true; return true; // Spell ID isn't listed in the spell_buckets table, allow scribing.
}
auto row = results.begin(); auto row = results.begin();
spell_bucket_name = row[0]; spell_bucket_name = row[0];
spell_bucket_value = atoi(row[1]); spell_bucket_value = std::stoi(row[1]);
if (spell_bucket_name.empty())
return true; if (spell_bucket_name.empty()) {
return true; // If the entry in the spell_buckets table has nothing set for the qglobal name, allow scribing.
}
query = fmt::format(
"SELECT value FROM data_buckets WHERE `key` = '{}-{}'",
char_id,
EscapeString(spell_bucket_name)
);
query = StringFormat("SELECT value FROM data_buckets WHERE `key` = '%i-%s'", char_id, spell_bucket_name.c_str());
results = database.QueryDatabase(query); results = database.QueryDatabase(query);
if (!results.Success()) { if (!results.Success()) {
LogError( LogError(
"Spell bucket [{}] for spell ID [{}] for char ID [{}] failed", "Spell bucket [{}] for spell ID [{}] for char ID [{}] failed",
spell_bucket_name.c_str(), spell_bucket_name,
spell_id, spell_id,
char_id char_id
); );
@ -5576,7 +5587,7 @@ bool Client::SpellBucketCheck(uint16 spell_id, uint32 char_id) {
if (results.RowCount() != 1) { if (results.RowCount() != 1) {
LogError( LogError(
"Spell bucket [{}] does not exist for spell ID [{}] for char ID [{}]", "Spell bucket [{}] does not exist for spell ID [{}] for char ID [{}]",
spell_bucket_name.c_str(), spell_bucket_name,
spell_id, spell_id,
char_id char_id
); );
@ -5584,18 +5595,22 @@ bool Client::SpellBucketCheck(uint16 spell_id, uint32 char_id) {
return false; return false;
} }
row = results.begin(); row = results.begin();
bucket_value = std::stoi(row[0]);
if (bucket_value >= spell_bucket_value) { // If value is greater than or equal to spell bucket value, allow scribing.
return true;
}
bucket_value = atoi(row[0]); // If user's data bucket does not meet requirements, do not allow scribing.
LogError(
"Spell bucket [{}] for spell ID [{}] for char ID [{}] did not match value [{}]",
spell_bucket_name,
spell_id,
char_id,
spell_bucket_value
);
if (bucket_value == spell_bucket_value) return false;
return true; // If the values match from both tables, allow the spell to be scribed
else if (bucket_value > spell_bucket_value)
return true; // Check if the data bucket value is greater than the required spell bucket value
// If no matching result found in spell buckets, don't scribe this spell
LogError("Spell bucket [{}] for spell ID [{}] for char ID [{}] did not match value [{}]", spell_bucket_name.c_str(), spell_id, char_id, spell_bucket_value);
return false;
} }
// TODO get rid of this // TODO get rid of this