[9196] Prevent corrupt in-game used strings by DB escaping.

mangos · Jan 17, 2010 · 7fe09f0 · 7fe09f0
1 parent a3ff8c5
commit 7fe09f0
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 7 deletions.
diff --git a/src/game/SocialMgr.cpp b/src/game/SocialMgr.cpp
@@ -114,8 +114,9 @@ void PlayerSocial::SetFriendNote(uint32 friend_guid, std::string note)
 
     utf8truncate(note,48);                                  // DB and client size limitation
 
-    CharacterDatabase.escape_string(note);
-    CharacterDatabase.PExecute("UPDATE character_social SET note = '%s' WHERE guid = '%u' AND friend = '%u'", note.c_str(), GetPlayerGUID(), friend_guid);
+    std::string safe_note = note;
+    CharacterDatabase.escape_string(safe_note);
+    CharacterDatabase.PExecute("UPDATE character_social SET note = '%s' WHERE guid = '%u' AND friend = '%u'", safe_note.c_str(), GetPlayerGUID(), friend_guid);
     m_playerSocialMap[friend_guid].Note = note;
 }
 

diff --git a/src/game/WorldSession.cpp b/src/game/WorldSession.cpp
@@ -626,8 +626,9 @@ void WorldSession::SetAccountData(AccountDataType type, time_t time_, std::strin
 
         CharacterDatabase.BeginTransaction ();
         CharacterDatabase.PExecute("DELETE FROM account_data WHERE account='%u' AND type='%u'", acc, type);
-        CharacterDatabase.escape_string(data);
-        CharacterDatabase.PExecute("INSERT INTO account_data VALUES ('%u','%u','%u','%s')", acc, type, (uint32)time_, data.c_str());
+        std::string safe_data = data;
+        CharacterDatabase.escape_string(safe_data);
+        CharacterDatabase.PExecute("INSERT INTO account_data VALUES ('%u','%u','%u','%s')", acc, type, (uint32)time_, safe_data.c_str());
         CharacterDatabase.CommitTransaction ();
     }
     else
@@ -638,8 +639,9 @@ void WorldSession::SetAccountData(AccountDataType type, time_t time_, std::strin
 
         CharacterDatabase.BeginTransaction ();
         CharacterDatabase.PExecute("DELETE FROM character_account_data WHERE guid='%u' AND type='%u'", m_GUIDLow, type);
-        CharacterDatabase.escape_string(data);
-        CharacterDatabase.PExecute("INSERT INTO character_account_data VALUES ('%u','%u','%u','%s')", m_GUIDLow, type, (uint32)time_, data.c_str());
+        std::string safe_data = data;
+        CharacterDatabase.escape_string(safe_data);
+        CharacterDatabase.PExecute("INSERT INTO character_account_data VALUES ('%u','%u','%u','%s')", m_GUIDLow, type, (uint32)time_, safe_data.c_str());
         CharacterDatabase.CommitTransaction ();
     }
 

diff --git a/src/shared/revision_nr.h b/src/shared/revision_nr.h
@@ -1,4 +1,4 @@
 #ifndef __REVISION_NR_H__
 #define __REVISION_NR_H__
- #define REVISION_NR "9195"
+ #define REVISION_NR "9196"
 #endif // __REVISION_NR_H__