-
Posts
6 -
Joined
-
Last visited
-
Feedback
0%
Content Type
Forums
Store
Third Party - Providers Directory
Feature Plan
Release Notes
Docs
Events
Posts posted by misterioso
-
-
28 minutes ago, MORTE said:
Yes.
DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)
{[...]
static char __escape_name[GUILD_NAME_MAX_LEN * 2 + 1];
DBManager::instance().EscapeString(__escape_name, sizeof(__escape_name), static_cast<const char *>(gcp.name), sizeof(gcp.name));
std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
get_table_postfix(),__escape_name));[...]
}
This is not necessary because the function "check_name" already check if is an alphanumeric data.
So you can use the "normal version":
std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
get_table_postfix(), gcp.name));- 1
-
Have you used any fix for "injection" in guild_manager.cpp ?
If yes the problem is in CGuildManager::CreateGuild because the input is already checked by function check_name and you don't need any"fix".
- 1
-
I'm happy... Finally someone appreciates my small tool... >.<
In the original forum nobody said anything about it and for this reason I didn't post in other forums.
Thank you for sharing,
Misterioso
- 2
-
UP...
We're waiting you
-
Dear users,
Monday 18.07.2016 at 16:00 (CEST) ----> Kill4Fun, a semi FunPvP, started.
Useful Information:
WebSite: https://kill4fun.xyz
Forum: https://kill4fun.xyz/forum
Support E-Mail: [email protected]
Download client:Presentation (95% translated from italian):
Kind Regards,
Misterioso
BUg guild with duplicate name
in Community Support - Questions & Answers
Posted
Yes because the input is already checked:
if (!check_name(gcp.name))
{
gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<±æµå> ±æµå À̸§ÀÌ ÀûÇÕÇÏÁö ¾Ê½À´Ï´Ù."));
return 0;
}