pa/eqemu-server
2
0
Fork 0
mirror of https://github.com/EQEmu/Server.git synced 2025-12-12 09:31:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

* AddReport's who and against strings were not being escaped properly.

Browse Source
This commit is contained in:
Tim DeLong 2015-12-30 11:42:49 -05:00
parent 7045581fdc
commit fe61abc3cd
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
common/database.cpp
View File

@ -1564,7 +1564,7 @@ void Database::AddReport(std::string who, std::string against, std::string lines
char *escape_str = new char[lines.size()*2+1]; char *escape_str = new char[lines.size()*2+1];
DoEscapeString(escape_str, lines.c_str(), lines.size()); DoEscapeString(escape_str, lines.c_str(), lines.size());
std::string query = StringFormat("INSERT INTO reports (name, reported, reported_text) VALUES('%s', '%s', '%s')", who.c_str(), against.c_str(), escape_str); std::string query = StringFormat("INSERT INTO reports (name, reported, reported_text) VALUES('%s', '%s', '%s')", EscapeString(who).c_str(), EscapeString(against).c_str(), escape_str);
QueryDatabase(query); QueryDatabase(query);
safe_delete_array(escape_str); safe_delete_array(escape_str);
} }