IonutRO 934 Posted February 27, 2016 Share Posted February 27, 2016 Search in char.cpp : if (CBanwordManager::instance().CheckString(m_stShopSign.c_str(), m_stShopSign.length())){ChatPacket(CHAT_TYPE_INFO, LC_TEXT("비속어나 은어가 포함된 상점 이름으로 상점을 열 수 없습니다."));return;} Add : if (CBanwordManager::instance().CheckString(m_stOfflineShopSign.c_str(), m_stOfflineShopSign.length())){ChatPacket(CHAT_TYPE_INFO, ("Doar litere si cifre in numele shop-ului."));return;} Now open player->banwords and add characters % & .... (Who wants to buy the best solution to ken ) 1 Link to comment Share on other sites More sharing options...
Bot Metin2 Dev 4858 Posted February 27, 2016 Bot Share Posted February 27, 2016 Is that the only sql-injection or exploit the released version of the offline-shop has? Link to comment Share on other sites More sharing options...
IonutRO 934 Posted February 27, 2016 Author Share Posted February 27, 2016 1 minute ago, Cyber36 said: Is that the only sql-injection or exploit the released version of the offline-shop has? Is sql-injection for shop offline by ken which is free . Link to comment Share on other sites More sharing options...
xSaG 15 Posted February 27, 2016 Share Posted February 27, 2016 No complet.... Search in locale_service.cpp int check_name_alphabet Under add: int check_name_offlineshop(const char * str){const char* tmp;if (!str || !*str)return 0;if (strlen(str) < 3) return 0;for (tmp = str; *tmp; ++tmp){if (isdigit(*tmp) || isalpha(*tmp) || isnhspace(*tmp))continue;elsereturn 0;}if (CBanwordManager::instance().CheckString(str, strlen(str)))return 0;return 1;} Search in locale_service.cpp check_name Under add: int (*check_name_offlineshop) (const char * str) = NULL; Search in char.cpp m_stOfflineShopSign = szSign;if (m_stOfflineShopSign.length() == 0)return; Under add: if ( check_name_oflinesshop(m_stShopSign.c_str()) == false ){ChatPacket(CHAT_TYPE_INFO, "[ANTI-EXPLOIT] You can only use numbers and letters.");return;} Search in char.cpp extern int test_server; Under add: extern int (*check_name_offlineshop) (const char * str); 2 Link to comment Share on other sites More sharing options...
VegaS 1085 Posted February 27, 2016 Share Posted February 27, 2016 Still a small check, which does not hurt. Words can block them from insult.txt def GetTitle(self): vegas = self.inputValue.GetText() #vegas_len = len(vegas) #if vegas_len > 0: if net.IsInsultIn(vegas): chat.AppendChat(chat.CHAT_TYPE_INFO, localeInfo.CHAT_INSULT_STRING) return #titan2_block = self.inputValue.GetText() #vegas_lista = ["%s","%","etc0","etc1","etc2"] #for x in xrange(len(vegas_lista)): #if titan2_block == vegas_lista[x]: #chat.AppendChat(chat.CHAT_TYPE_INFO, "[Offline Shop] Store name contains forbidden words.") #return else: return self.inputValue.GetText() 2 Link to comment Share on other sites More sharing options...
terrorr 15 Posted February 28, 2016 Share Posted February 28, 2016 UP - object of type 'NoneType' has no len() Link to comment Share on other sites More sharing options...
VegaS 1085 Posted February 28, 2016 Share Posted February 28, 2016 On 27.02.2016 at 3:45 PM, terrorr said: UP - object of type 'NoneType' has no len() It is a simple check... uiofflineshop.py 1.) //Search function: def GetTitle(self): 2.) //Change with this: def GetTitle(self): vegas = self.inputValue.GetText() if net.IsInsultIn(vegas): chat.AppendChat(chat.CHAT_TYPE_INFO, "[Offline Shop] Store name contains forbidden words.") return else: return self.inputValue.GetText() And add in insult.txt, and other words to block: %s 1 Link to comment Share on other sites More sharing options...
Dionise 0 Posted February 28, 2016 Share Posted February 28, 2016 locale_service.cpp: In function 'int check_name_offlineshop(const char*)': locale_service.cpp:340: error: 'int check_name_offlineshop(const char*)' redeclared as different kind of symbol locale_service.cpp:29: error: previous declaration of 'int (* check_name_offlineshop)(const char*)' Link to comment Share on other sites More sharing options...
JIntors 8 Posted February 28, 2016 Share Posted February 28, 2016 This is my release =))) Thanks for copy it I will fix it but not post it again ! Link to comment Share on other sites More sharing options...
terrorr 15 Posted February 29, 2016 Share Posted February 29, 2016 5 hours ago, VegaS said: It is a simple check... uiofflineshop.py //Search function: def GetTitle(self): and change with this: def GetTitle(self): vegas = self.inputValue.GetText() if net.IsInsultIn(vegas): chat.AppendChat(chat.CHAT_TYPE_INFO, "[Offline Shop] Store name contains forbidden words.") return else: return self.inputValue.GetText() And add in insult.txt: %s and other words to lock. I know , this one working very nice but this error happend after added your code and just when I try enter badly words from insult.txt Anyway this one working very nice but just this small : object of type 'NoneType' has no len() in sysser after used bad word... Hmm... Link to comment Share on other sites More sharing options...
ShadowsPR0 6 Posted March 3, 2016 Share Posted March 3, 2016 (edited) On 2/27/2016 at 0:59 PM, xSaG said: No complet.... Search in locale_service.cpp int check_name_alphabet Under add: int check_name_offlineshop(const char * str){const char* tmp;if (!str || !*str)return 0;if (strlen(str) < 3) return 0;for (tmp = str; *tmp; ++tmp){if (isdigit(*tmp) || isalpha(*tmp) || isnhspace(*tmp))continue;elsereturn 0;}if (CBanwordManager::instance().CheckString(str, strlen(str)))return 0;return 1;} Search in locale_service.cpp check_name Under add: int (*check_name_offlineshop) (const char * str) = NULL; Search in char.cpp m_stOfflineShopSign = szSign;if (m_stOfflineShopSign.length() == 0)return; Under add: if ( check_name_oflinesshop(m_stShopSign.c_str()) == false ){ChatPacket(CHAT_TYPE_INFO, "[ANTI-EXPLOIT] You can only use numbers and letters.");return;} Search in char.cpp extern int test_server; Under add: extern int (*check_name_offlineshop) (const char * str); Hey can you please help me ? Or if anyone else knows how to fix this please i really need this. I get this error when trying to use your fix. locale_service.cpp: In function 'int check_name_offlineshop(const char*)': locale_service.cpp:340: error: 'int check_name_offlineshop(const char*)' redeclared as different kind of symbol locale_service.cpp:29: error: previous declaration of 'int (* check_name_offlineshop)(const char*)' On 2/27/2016 at 0:59 PM, xSaG said: Edited March 3, 2016 by ShadowsPR0 Link to comment Share on other sites More sharing options...
AlCapone 67 Posted March 6, 2016 Share Posted March 6, 2016 On 28/2/2016 at 9:05 PM, VegaS said: It is a simple check... uiofflineshop.py //Search function: def GetTitle(self): and change with this: def GetTitle(self): vegas = self.inputValue.GetText() if net.IsInsultIn(vegas): chat.AppendChat(chat.CHAT_TYPE_INFO, "[Offline Shop] Store name contains forbidden words.") return else: return self.inputValue.GetText() And add in insult.txt: %s and other words to lock. Better solucion this Link to comment Share on other sites More sharing options...
Endymion 317 Posted March 6, 2016 Share Posted March 6, 2016 char tab[15] = {'/', '>', '<', '|', ';', ':', '}', '{', '[', ']', '%', '#', '@', '^', '&'}; size_t x; for(int i=0;i<15;i++){ x = m_stOfflineShopSign.find(tab); if( x != std::string::npos ) { ChatPacket(CHAT_TYPE_INFO, "xyz"); return; } } 2 Link to comment Share on other sites More sharing options...
VegaS 1085 Posted March 6, 2016 Share Posted March 6, 2016 53 minutes ago, Endymion said: char tab[15] = {'/', '>', '<', '|', ';', ':', '}', '{', '[', ']', '%', '#', '@', '^', '&'}; size_t x; for(int i=0;i<15;i++){ x = m_stOfflineShopSign.find(tab); if( x != std::string::npos ) { ChatPacket(CHAT_TYPE_INFO, "xyz"); return; }} Kurwaa: )) 1 Link to comment Share on other sites More sharing options...
terrorr 15 Posted March 7, 2016 Share Posted March 7, 2016 14 hours ago, VegaS said: Kurwaa: )) Vegas, how to active 6/7 bone in offline shop? Do you know? 1 Link to comment Share on other sites More sharing options...
RealReznov 15 Posted March 7, 2016 Share Posted March 7, 2016 On 2016. 02. 28. at 9:08 PM, Dionise said: locale_service.cpp: In function 'int check_name_offlineshop(const char*)': locale_service.cpp:340: error: 'int check_name_offlineshop(const char*)' redeclared as different kind of symbol locale_service.cpp:29: error: previous declaration of 'int (* check_name_offlineshop)(const char*)' Mee to. Anyone know SERVER-SIDED WORKING solution? Link to comment Share on other sites More sharing options...
Abigo 7 Posted March 8, 2016 Share Posted March 8, 2016 20 hours ago, RealReznov said: Mee to. Anyone know SERVER-SIDED WORKING solution? are you blind can't you read this? just by reading this you can see it's working if (CBanwordManager::instance().CheckString(m_stOfflineShopSign.c_str(), m_stOfflineShopSign.length())){ChatPacket(CHAT_TYPE_INFO, ("Doar litere si cifre in numele shop-ului."));return;} Link to comment Share on other sites More sharing options...
Coniesan 96 Posted March 8, 2016 Share Posted March 8, 2016 (edited) lol sry @all but try this Go to char.cpp (serverside) there u have your "INSERT" Query // Insert char szQuery2[512]; snprintf(szQuery2, sizeof(szQuery2), "INSERT INTO %soffline_shop_npc(owner_id, sign, name, time, x, y, z, mapIndex, channel) VALUES(%u, '%s', '%s', %d, %ld, %ld, %ld, %ld, %d)", get_table_postfix(), GetPlayerID(), c_pszSign, GetName(), iTime, GetX(), GetY(), GetZ(), GetMapIndex(), g_bChannel); DBManager::Instance().DirectQuery(szQuery2); replace it with: // Insert char szSign2[SHOP_SIGN_MAX_LEN+1]; DBManager::instance().EscapeString(szSign2, sizeof(szSign2), c_pszSign, strlen(c_pszSign)); char szQuery2[512]; snprintf(szQuery2, sizeof(szQuery2), "INSERT INTO %soffline_shop_npc(owner_id, sign, name, time, x, y, z, mapIndex, channel) VALUES(%u, '%s', '%s', %d, %ld, %ld, %ld, %ld, %d)", get_table_postfix(), GetPlayerID(), szSign2, GetName(), iTime, GetX(), GetY(), GetZ(), GetMapIndex(), g_bChannel); DBManager::Instance().DirectQuery(szQuery2); the "DBManager::instance().EscapeString()" methode should be default in your db.h So have fun Edited August 20, 2022 by Metin2 Dev Core X - External 2 Internal 2 Link to comment Share on other sites More sharing options...
emoemolizu 1 Posted March 28, 2016 Share Posted March 28, 2016 where shall function DBManager::instance().EscapeString() in db.h ? Link to comment Share on other sites More sharing options...
emoemolizu 1 Posted April 2, 2016 Share Posted April 2, 2016 char.cpp:7729: warning: this decimal constant is unsigned only in ISO C90 char.cpp: In member function 'void CHARACTER::PointChange(BYTE, int, bool, bool)': char.cpp:3165: warning: comparison between signed and unsigned integer expressions char.cpp: In member function 'void CHARACTER::OpenMyOfflineShop(const char*, TShopItemTable*, BYTE, BYTE)': char.cpp:4316: error: 'check_name_oflinesshop' was not declared in this scope char.cpp: In static member function 'static CHARACTER::PartyJoinErrCode CHARACTER::IsPartyJoinableMutableCondition(CHARACTER*, CHARACTER*)': char.cpp:5198: warning: comparison between signed and unsigned integer expressions Link to comment Share on other sites More sharing options...
PeaceMaker 121 Posted April 16, 2016 Share Posted April 16, 2016 none of these fixes works lol Link to comment Share on other sites More sharing options...
PeaceMaker 121 Posted April 17, 2016 Share Posted April 17, 2016 On 3/5/2016 at 11:33 PM, Endymion said: char tab[15] = {'/', '>', '<', '|', ';', ':', '}', '{', '[', ']', '%', '#', '@', '^', '&'}; size_t x; for(int i=0;i<15;i++){ x = m_stOfflineShopSign.find(tab); if( x != std::string::npos ) { ChatPacket(CHAT_TYPE_INFO, "xyz"); return; }} can you say where to add this please ? Link to comment Share on other sites More sharing options...
Endymion 317 Posted April 18, 2016 Share Posted April 18, 2016 char.cpp OpenMyOfflineShop 1 Link to comment Share on other sites More sharing options...
TekkForCeAD2 158 Posted May 11, 2016 Share Posted May 11, 2016 (edited) Can u tell me so is right? Edited August 20, 2022 by Metin2 Dev Core X - External 2 Internal Link to comment Share on other sites More sharing options...
vladbos35 1 Posted May 13, 2016 Share Posted May 13, 2016 (edited) Edited August 20, 2022 by Metin2 Dev Core X - External 2 Internal Link to comment Share on other sites More sharing options...
Recommended Posts