pa/eqemu-server
2
0
Fork 0
mirror of https://github.com/EQEmu/Server.git synced 2026-03-04 00:02:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

SQL Injection fix on inspect message setting

Browse Source
This commit is contained in:
KimLS 2014-09-06 16:43:36 -07:00
parent 986a424322
commit ffed5a9e22
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
common/shareddb.cpp
View File

@ -2148,7 +2148,8 @@ void SharedDatabase::SetPlayerInspectMessage(char* playername, const InspectMess
char errbuf[MYSQL_ERRMSG_SIZE]; char errbuf[MYSQL_ERRMSG_SIZE];
char *query = 0; char *query = 0;
if (!RunQuery(query, MakeAnyLenString(&query, "UPDATE character_ SET inspectmessage='%s' WHERE name='%s'", message->text, playername), errbuf)) { std::string msg = EscapeString(message->text);
if (!RunQuery(query, MakeAnyLenString(&query, "UPDATE character_ SET inspectmessage='%s' WHERE name='%s'", msg.c_str(), playername), errbuf)) {
std::cerr << "Error in SetPlayerInspectMessage query '" << query << "' " << errbuf << std::endl; std::cerr << "Error in SetPlayerInspectMessage query '" << query << "' " << errbuf << std::endl;
} }
@ -2183,7 +2184,8 @@ void SharedDatabase::SetBotInspectMessage(uint32 botid, const InspectMessage_Str
char errbuf[MYSQL_ERRMSG_SIZE]; char errbuf[MYSQL_ERRMSG_SIZE];
char *query = 0; char *query = 0;
if (!RunQuery(query, MakeAnyLenString(&query, "UPDATE bots SET BotInspectMessage='%s' WHERE BotID=%i", message->text, botid), errbuf)) { std::string msg = EscapeString(message->text);
if (!RunQuery(query, MakeAnyLenString(&query, "UPDATE bots SET BotInspectMessage='%s' WHERE BotID=%i", msg.c_str(), botid), errbuf)) {
std::cerr << "Error in SetBotInspectMessage query '" << query << "' " << errbuf << std::endl; std::cerr << "Error in SetBotInspectMessage query '" << query << "' " << errbuf << std::endl;
} }