* Fix reload tickets from database

* Fix crash/exploit issue caused by improper parsing when '%' is in the ticket message
* Remove obsolete recv_data from tickets
* Allow closing of a ticket inserting the guid of the GM or player that closed it into the database.
* Allow assigning tickets to offline GMs.
* Tighten up SQL escape strings, increased security against SQL injections
* Fix issue where multiple tickets could have the same entry
* --- by Machiavelli ---

--HG--
branch : trunk
Blaymoira
2009-01-04 19:34:15 +01:00
parent b9f1a0fda1
commit 0389ed4528
6 changed files with 71 additions and 87 deletions


@@ -0,0 +1,2 @@
ALTER TABLE `gm_tickets` CHANGE `guid` `guid` int(10) NOT NULL AUTO_INCREMENT;
ALTER TABLE `gm_tickets` CHANGE `closed` `closed` int(10) NOT NULL;
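Review bot: `closed` is declared `int(10) NOT NULL`, but the same commit starts writing the closer's GUID into it (`(*i)->closed = GMguid;` with a `uint64` argument in TicketMgr), so a signed 32-bit column is too narrow for any GUID above 2147483647. Consider an unsigned type that matches how the other GUID columns of `gm_tickets` are declared (their definitions are not shown on this page). A comment in the update file stating that `closed` now holds 0 for an open ticket and the closing character's GUID otherwise would also help, since the column name no longer describes its content.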


@@ -300,7 +300,7 @@ ChatCommand * ChatHandler::getCommandTable()
{ "locales_page_text", SEC_ADMINISTRATOR, true, &ChatHandler::HandleReloadLocalesPageTextCommand, "", NULL },
{ "locales_quest", SEC_ADMINISTRATOR, true, &ChatHandler::HandleReloadLocalesQuestCommand, "", NULL },
{ "waypoint_scripts", SEC_ADMINISTRATOR, true, &ChatHandler::HandleReloadWpScriptsCommand, "", NULL },
{ "tickets", SEC_ADMINISTRATOR, true, &ChatHandler::HandleGMTicketReloadCommand, "", NULL },
{ "gm_tickets", SEC_ADMINISTRATOR, true, &ChatHandler::HandleGMTicketReloadCommand, "", NULL },
{ "", SEC_ADMINISTRATOR, true, &ChatHandler::HandleReloadCommand, "", NULL },
{ NULL, 0, false, NULL, "", NULL }


@@ -272,19 +272,20 @@ bool ChatHandler::HandleGMTicketListCommand(const char* args)
SendSysMessage(LANG_COMMAND_TICKETSHOWLIST);
for(GmTicketList::iterator itr = ticketmgr.GM_TicketList.begin(); itr != ticketmgr.GM_TicketList.end(); ++itr)
{
if((*itr)->closed == 1)
if((*itr)->closed != 0)
continue;
std::stringstream message;
message << "|cff00ff00Ticket|r: |cff00ccff" << (*itr)->guid;
message << ".|r |cff00ff00created by:|r |cff00ccff" << (*itr)->name;
message << ".|r |cff00ff00Last change:|r |cff00ccff " << secsToTimeString(time(NULL) - (*itr)->timestamp, true, false) << " ago.";
if((*itr)->assignedToGM != 0 && objmgr.GetPlayer((*itr)->assignedToGM))
if((*itr)->assignedToGM != 0)
{
std::string gmname = objmgr.GetPlayer((*itr)->assignedToGM)->GetName();
std::string gmname;
objmgr.GetPlayerNameByGUID((*itr)->assignedToGM, gmname);
message << "|r |cff00ff00Assigned to:|r |cff00ccff " << gmname;
}
SendGlobalGMSysMessage(message.str().c_str());
SendSysMessage(message.str().c_str());
}
return true;
}
@@ -295,7 +296,7 @@ bool ChatHandler::HandleGMTicketListOnlineCommand(const char* args)
SendSysMessage(LANG_COMMAND_TICKETSHOWONLINELIST);
for(GmTicketList::iterator itr = ticketmgr.GM_TicketList.begin(); itr != ticketmgr.GM_TicketList.end(); ++itr)
{
if((*itr)->closed == 1 || !objmgr.GetPlayer((*itr)->playerGuid))
if((*itr)->closed != 0 || !objmgr.GetPlayer((*itr)->playerGuid))
continue;
std::stringstream message;
@@ -304,10 +305,11 @@ bool ChatHandler::HandleGMTicketListOnlineCommand(const char* args)
message << ".|r |cff00ff00Last change:|r |cff00ccff " << secsToTimeString((time(NULL) - (*itr)->timestamp), true, false) << " ago.";
if((*itr)->assignedToGM != 0 && objmgr.GetPlayer((*itr)->assignedToGM))
{
std::string gmname = objmgr.GetPlayer((*itr)->assignedToGM)->GetName();
std::string gmname;
objmgr.GetPlayerNameByGUID((*itr)->assignedToGM, gmname);
message << "|r |cff00ff00Assigned to:|r |cff00ccff " << gmname;
}
SendGlobalGMSysMessage(message.str().c_str());
SendSysMessage(message.str().c_str());
}
return true;
}
@@ -331,7 +333,8 @@ bool ChatHandler::HandleGMTicketGetByIdCommand(const char* args)
message << ".|r |cff00ff00Last change:|r |cff00ccff " << secsToTimeString((time(NULL)-ticket->timestamp), true, false) << " ago.";
if(ticket->assignedToGM != 0 && objmgr.GetPlayer(ticket->assignedToGM))
{
std::string gmname = objmgr.GetPlayer(ticket->assignedToGM)->GetName();
std::string gmname;
objmgr.GetPlayerNameByGUID(ticket->assignedToGM, gmname);
message << "|r |cff00ff00Assigned to:|r |cff00ccff " << gmname;
}
message << "|r\n|cff00ff00Message:|r " << ticket->message;
@@ -339,7 +342,7 @@ bool ChatHandler::HandleGMTicketGetByIdCommand(const char* args)
{
message << "|r |cff00ff00Comment:|r |cff00ccff " << ticket->comment;
}
PSendSysMessage(message.str().c_str());
SendSysMessage(message.str().c_str());
return true;
}
@@ -361,7 +364,8 @@ bool ChatHandler::HandleGMTicketGetByNameCommand(const char* args)
message << ".|r |cff00ff00Last change:|r |cff00ccff " << secsToTimeString((time(NULL)-ticket->timestamp), true, false) << " ago.";
if(ticket->assignedToGM != 0 && objmgr.GetPlayer(ticket->assignedToGM))
{
std::string gmname = objmgr.GetPlayer(ticket->assignedToGM)->GetName();
std::string gmname;
objmgr.GetPlayerNameByGUID(ticket->assignedToGM, gmname);
message << "|r |cff00ff00Assigned to:|r |cff00ccff " << gmname;
}
message << "|r\n|cff00ff00Message:|r " << ticket->message;
@@ -369,7 +373,7 @@ bool ChatHandler::HandleGMTicketGetByNameCommand(const char* args)
{
message << "|r |cff00ff00Comment:|r |cff00ccff " << ticket->comment;
}
PSendSysMessage(message.str().c_str());
SendSysMessage(message.str().c_str());
return true;
}
@@ -380,22 +384,22 @@ bool ChatHandler::HandleGMTicketCloseByIdCommand(const char* args)
uint64 tguid = atoi(args);
GM_Ticket *ticket = ticketmgr.GetGMTicket(tguid);
if(!ticket || ticket->closed == 1)
if(!ticket || ticket->closed != 0)
{
SendSysMessage(LANG_COMMAND_TICKETNOTEXIST);
return false;
return true;
}
if(ticket && ticket->assignedToGM != 0 && ticket->assignedToGM != m_session->GetPlayer()->GetGUID())
{
PSendSysMessage(LANG_COMMAND_TICKETCANNOTCLOSE, ticket->guid);
return false;
return true;
}
sWorld.SendGMText(LANG_COMMAND_TICKETCLOSED, ticket->name.c_str(), ticket->guid);
ticketmgr.RemoveGMTicket(ticket->guid);
sWorld.SendGMText(LANG_COMMAND_TICKETCLOSED, m_session->GetPlayer()->GetName(), ticket->guid);
ticketmgr.RemoveGMTicket(ticket->guid, m_session->GetPlayer()->GetGUID());
Player *plr = objmgr.GetPlayer(ticket->playerGuid);
if(!plr || !plr->IsInWorld())
return false;
return true;
// send abandon ticket
WorldPacket data(SMSG_GMTICKET_DELETETICKET, 4);
@@ -425,40 +429,38 @@ bool ChatHandler::HandleGMTicketAssignToCommand(const char* args)
std::string gmname;
GM_Ticket *ticket = ticketmgr.GetGMTicket(ticketGuid);
if(!ticket || ticket->closed == 1)
if(!ticket || ticket->closed != 0)
{
SendSysMessage(LANG_COMMAND_TICKETNOTEXIST);
return true;
}
Player *plr = objmgr.GetPlayer(targm.c_str());
if(!plr || !plr->IsInWorld() || plr->GetSession()->GetSecurity() < SEC_MODERATOR)
uint64 tarGUID = objmgr.GetPlayerGUIDByName(targm.c_str());
uint64 accid = objmgr.GetPlayerAccountIdByGUID(tarGUID);
QueryResult *result = LoginDatabase.PQuery("SELECT `gmlevel` FROM `account` WHERE `id` = '%u'", accid);
if(!tarGUID|| !result || result->Fetch()->GetUInt32() < SEC_MODERATOR)
{
SendSysMessage(LANG_COMMAND_TICKETASSIGNERROR_A);
return true;
}
if(ticket->assignedToGM == plr->GetGUID())
if(ticket->assignedToGM == tarGUID)
{
PSendSysMessage(LANG_COMMAND_TICKETASSIGNERROR_B, ticket->guid);
return true;
}
objmgr.GetPlayerNameByGUID(tarGUID, gmname);
if(ticket->assignedToGM != 0 && ticket->assignedToGM != cplr->GetGUID())
{
Player *aplr = objmgr.GetPlayer(ticket->assignedToGM);
if(aplr && aplr->IsInWorld())
{
gmname = aplr->GetName();
PSendSysMessage(LANG_COMMAND_TICKETALREADYASSIGNED, ticket->guid, gmname.c_str());
return true;
}
PSendSysMessage(LANG_COMMAND_TICKETALREADYASSIGNED, ticket->guid, gmname.c_str());
return true;
}
ticket->assignedToGM = plr->GetGUID();
ticket->assignedToGM = tarGUID;
ticketmgr.UpdateGMTicket(ticket);
std::stringstream ss;
ss << "|cff00ff00Ticket:|r ";
ss << "|cffff00ff" << ticket->guid << ". " << cplr->GetName() << "|r";
ss << "|cff00ff00 assigned to:|r ";
ss << "|cffff00ff\"" << targetgm << "\".";
ss << "|cffff00ff\"" << gmname << "\".";
SendGlobalGMSysMessage(ss.str().c_str());
return true;
}
@@ -472,19 +474,20 @@ bool ChatHandler::HandleGMTicketUnAssignCommand(const char* args)
Player *cplr = m_session->GetPlayer();
GM_Ticket *ticket = ticketmgr.GetGMTicket(ticketGuid);
if(!ticket|| ticket->closed)
if(!ticket|| ticket->closed != 0)
{
SendSysMessage(LANG_COMMAND_TICKETNOTEXIST);
return true;
}
if(ticket->assignedToGM = 0)
if(ticket->assignedToGM == 0)
{
SendSysMessage(LANG_COMMAND_TICKETNOTASSIGNED);
return true;
}
Player *plr = objmgr.GetPlayer(ticket->assignedToGM);
std::string gmname;
objmgr.GetPlayerNameByGUID(ticket->assignedToGM, gmname);
Player *plr = objmgr.GetPlayer(ticket->assignedToGM);
if(plr && plr->IsInWorld() && plr->GetSession()->GetSecurity() > cplr->GetSession()->GetSecurity())
{
SendSysMessage(LANG_COMMAND_TICKETUNASSIGNSECURITY);
@@ -516,7 +519,7 @@ bool ChatHandler::HandleGMTicketCommentCommand(const char* args)
Player *cplr = m_session->GetPlayer();
GM_Ticket *ticket = ticketmgr.GetGMTicket(ticketGuid);
if(!ticket || ticket->closed == 1)
if(!ticket || ticket->closed != 0)
{
PSendSysMessage(LANG_COMMAND_TICKETNOTEXIST);
return true;
@@ -550,14 +553,17 @@ bool ChatHandler::HandleGMTicketDeleteByIdCommand(const char* args)
SendSysMessage(LANG_COMMAND_TICKETNOTEXIST);
return true;
}
if(!ticket->closed == 1)
if(ticket->closed == 0)
{
SendSysMessage(LANG_COMMAND_TICKETCLOSEFIRST);
return true;
}
std::string gmname = m_session->GetPlayer()->GetName();
sWorld.SendGMText(LANG_COMMAND_TICKETDELETED, ticket->guid, gmname.c_str());
std::stringstream ss;
ss << "|cff00ff00Ticket:|r ";
ss << "|cffff00ff" << m_session->GetPlayer()->GetName() << "|r";
ss << "|cff00ff00 deleted.|r";
SendGlobalGMSysMessage(ss.str().c_str());
Player *plr = objmgr.GetPlayer(ticket->playerGuid);
ticketmgr.DeleteGMTicketPermanently(ticket->guid);
if(plr && plr->IsInWorld())
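Review bot: In the HandleGMTicketAssignToCommand hunk the `QueryResult *result` returned by `LoginDatabase.PQuery` is never deleted on any visible path, while other callers on this page (`LoadGMTickets`, `GenerateTicketID`) free theirs with `delete result;`, so every assign command appears to leak a result set. The query also runs before `tarGUID` is checked, so an unknown name still triggers a login-database lookup with whatever account id was returned for GUID 0. Because this lookup is the privilege check for who may own a ticket, I would test `!tarGUID` first, read `gmlevel` into a local, free the result, and only then compare against `SEC_MODERATOR`, as sketched below. Separately, `gmname` is now filled from `tarGUID` before the already-assigned branch, so `LANG_COMMAND_TICKETALREADYASSIGNED` seems to print the target's name rather than the current assignee's. The function starts above the hunk.

```cpp
uint64 tarGUID = objmgr.GetPlayerGUIDByName(targm.c_str());
if(!tarGUID)
{
    SendSysMessage(LANG_COMMAND_TICKETASSIGNERROR_A);
    return true;
}
uint64 accid = objmgr.GetPlayerAccountIdByGUID(tarGUID);
QueryResult *result = LoginDatabase.PQuery("SELECT `gmlevel` FROM `account` WHERE `id` = '%u'", accid);
// copy the value out so the result set can be released before any early return
uint32 gmlevel = result ? result->Fetch()->GetUInt32() : 0;
delete result;
if(gmlevel < SEC_MODERATOR)
{
    SendSysMessage(LANG_COMMAND_TICKETASSIGNERROR_A);
    return true;
}
// … unchanged: already-assigned checks, ticket update and GM broadcast …
```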


@@ -36,8 +36,6 @@ void WorldSession::HandleGMTicketCreateOpcode( WorldPacket & recv_data )
// always do a packet check
CHECK_PACKET_SIZE(recv_data, 4*4+1+2*4);
uint32 map;
float x, y, z;
std::string ticketText = "";
std::string ticketText2 = "";
GM_Ticket *ticket = new GM_Ticket;
@@ -45,13 +43,9 @@ void WorldSession::HandleGMTicketCreateOpcode( WorldPacket & recv_data )
WorldPacket data(SMSG_GMTICKET_CREATE, 4);
// recv Data
recv_data >> map;
recv_data >> x;
recv_data >> y;
recv_data >> z;
recv_data >> ticketText;
// get additional data
// get additional data, rarely used
recv_data >> ticketText2;
// assign values
@@ -65,7 +59,7 @@ void WorldSession::HandleGMTicketCreateOpcode( WorldPacket & recv_data )
ticket->comment = "";
// remove ticket by player, shouldn't happen
ticketmgr.RemoveGMTicketByPlayer(GetPlayer()->GetGUID());
ticketmgr.RemoveGMTicketByPlayer(GetPlayer()->GetGUID(), GetPlayer()->GetGUID());
// add ticket
ticketmgr.AddGMTicket(ticket, false);
@@ -140,7 +134,7 @@ void WorldSession::HandleGMTicketDeleteOpcode( WorldPacket & /*recv_data*/)
SendPacket(&data);
sWorld.SendGMText(LANG_COMMAND_TICKETPLAYERABANDON, GetPlayer()->GetName(), ticket->guid );
ticketmgr.RemoveGMTicketByPlayer(GetPlayer()->GetGUID());
ticketmgr.RemoveGMTicketByPlayer(GetPlayer()->GetGUID(), GetPlayer()->GetGUID());
}
}
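Review bot: `CHECK_PACKET_SIZE(recv_data, 4*4+1+2*4)` in HandleGMTicketCreateOpcode still expects sixteen bytes ahead of the first string, but the reads of `map`, `x`, `y` and `z` are gone, so `recv_data >> ticketText` now appears to start at offset 0 and would interpret the map id and coordinates as ticket text. Unless the client packet layout changed at the same time (not visible here), the four fields still have to be consumed even if their values are unused, e.g. keep `uint32 map; float x, y, z;` and `recv_data >> map >> x >> y >> z;` before the string reads. The ticket text is client-controlled and ends up in the `gm_tickets` table, so a misaligned read stores arbitrary packet bytes as the message. The handler body continues outside these hunks.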


@@ -24,13 +24,9 @@
#include "ObjectMgr.h"
#include "Language.h"
#include "Player.h"
INSTANTIATE_SINGLETON_1( TicketMgr );
#include "Common.h"
//#include "Log.h"
#include "ObjectAccessor.h"
INSTANTIATE_SINGLETON_1( TicketMgr );
GM_Ticket* TicketMgr::GetGMTicket(uint64 ticketGuid)
{
@@ -106,7 +102,7 @@ void TicketMgr::DeleteGMTicketPermanently(uint64 ticketGuid)
}
// delete database record
CharacterDatabase.PExecute("DELETE FROM gm_tickets WHERE guid=%u", ticketGuid);
CharacterDatabase.PExecute("DELETE FROM `gm_tickets` WHERE guid= '%u'", ticketGuid);
}
@@ -114,13 +110,13 @@ void TicketMgr::LoadGMTickets()
{
// Delete all out of object holder
GM_TicketList.clear();
QueryResult *result = CharacterDatabase.Query( "SELECT `guid`, `playerGuid`, `name`, `message`, `timestamp`, `closed`, `assignedto`, `comment` FROM gm_tickets WHERE closed = '0'" );
QueryResult *result = CharacterDatabase.Query( "SELECT `guid`, `playerGuid`, `name`, `message`, `timestamp`, `closed`, `assignedto`, `comment` FROM `gm_tickets` WHERE `closed` = '0'" );
GM_Ticket *ticket;
//ticket = NULL;
if(!result)
return;
// Assign values from SQL to the object holder
do
{
Field *fields = result->Fetch();
@@ -143,13 +139,13 @@ void TicketMgr::LoadGMTickets()
delete result;
}
void TicketMgr::RemoveGMTicket(uint64 ticketGuid)
void TicketMgr::RemoveGMTicket(uint64 ticketGuid, uint64 GMguid)
{
for(GmTicketList::iterator i = GM_TicketList.begin(); i != GM_TicketList.end();)
{
if((*i)->guid == ticketGuid && (*i)->closed == 0)
{
(*i)->closed = 1;
(*i)->closed = GMguid;
SaveGMTicket((*i));
}
++i;
@@ -157,13 +153,13 @@ void TicketMgr::RemoveGMTicket(uint64 ticketGuid)
}
void TicketMgr::RemoveGMTicketByPlayer(uint64 playerGuid)
void TicketMgr::RemoveGMTicketByPlayer(uint64 playerGuid, uint64 GMguid)
{
for(GmTicketList::iterator i = GM_TicketList.begin(); i != GM_TicketList.end();)
{
if((*i)->playerGuid == playerGuid && (*i)->closed == 0)
{
(*i)->closed = true;
(*i)->closed = GMguid;
SaveGMTicket((*i));
}
++i;
@@ -173,15 +169,15 @@ void TicketMgr::RemoveGMTicketByPlayer(uint64 playerGuid)
void TicketMgr::SaveGMTicket(GM_Ticket* ticket)
{
std::stringstream ss;
ss << "REPLACE INTO gm_tickets (`guid`, `playerGuid`, `name`, `message`, `timestamp`, `closed`, `assignedto`, `comment`) VALUES(";
ss << ticket->guid << ", ";
ss << ticket->playerGuid << ", '";
ss << ticket->name << "', '";
ss << ticket->message << "', " ;
ss << ticket->timestamp << ", ";
ss << ticket->closed << ", '";
ss << ticket->assignedToGM << "', '";
ss << ticket->comment << "');";
ss << "REPLACE INTO `gm_tickets` (`guid`, `playerGuid`, `name`, `message`, `timestamp`, `closed`, `assignedto`, `comment`) VALUES(\"";
ss << ticket->guid << "\", \"";
ss << ticket->playerGuid << "\", \"";
ss << ticket->name << "\", \"";
ss << ticket->message << "\", \"" ;
ss << ticket->timestamp << "\", \"";
ss << ticket->closed << "\", \"";
ss << ticket->assignedToGM << "\", \"";
ss << ticket->comment << "\");";
CharacterDatabase.BeginTransaction();
CharacterDatabase.Execute(ss.str().c_str());
@@ -203,5 +199,5 @@ uint64 TicketMgr::GenerateTicketID()
delete result;
}
return m_ticketid;
return ++m_ticketid;
}
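Review bot: SaveGMTicket still streams `ticket->name`, `ticket->message` and `ticket->comment` straight into the REPLACE statement; switching the delimiters from `'` to `"` escapes nothing, and a double quote or backslash in the text now ends the literal instead. The message comes from the client packet and the comment from a chat command, so unless they are escaped before being stored on the ticket (not visible on this page) this remains an injection point despite the commit description. Escape copies of the three strings right before building the statement, as sketched below, or use a bound-parameter API if the database layer offers one. Also, `PExecute("DELETE FROM `gm_tickets` WHERE guid= '%u'", ticketGuid)` in DeleteGMTicketPermanently passes a `uint64` to `%u`; cast it to `uint32` or use a 64-bit specifier. SaveGMTicket's body continues past its hunk.

```cpp
void TicketMgr::SaveGMTicket(GM_Ticket* ticket)
{
    // escape copies so the in-memory ticket keeps its original text
    std::string name = ticket->name;
    std::string message = ticket->message;
    std::string comment = ticket->comment;
    CharacterDatabase.escape_string(name);
    CharacterDatabase.escape_string(message);
    CharacterDatabase.escape_string(comment);

    std::stringstream ss;
    // … unchanged: REPLACE INTO column list, guid, playerGuid …
    ss << name << "\", \"";
    ss << message << "\", \"";
    // … unchanged: timestamp, closed, assignedToGM …
    ss << comment << "\");";
    // … unchanged: transaction and Execute …
```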


@@ -39,27 +39,13 @@ struct GM_Ticket
std::string comment;
};
enum GMticketType
{
GM_TICKET_TYPE_STUCK = 1,
GM_TICKET_TYPE_BEHAVIOR_HARASSMENT = 2,
GM_TICKET_TYPE_GUILD = 3,
GM_TICKET_TYPE_ITEM = 4,
GM_TICKET_TYPE_ENVIRONMENTAL = 5,
GM_TICKET_TYPE_NON_QUEST_CREEP = 6,
GM_TICKET_TYPE_QUEST_QUEST_NPC = 7,
GM_TICKET_TYPE_TECHNICAL = 8,
GM_TICKET_TYPE_ACCOUNT_BILLING = 9,
GM_TICKET_TYPE_CHARACTER = 10
};
// Map Typedef
typedef std::list<GM_Ticket*> GmTicketList;
class TicketMgr
{
public:
TicketMgr(){} //constructor
TicketMgr(){m_ticketid = 1;} //constructor
~TicketMgr(){} //destructor
// Object Holder
@@ -69,8 +55,8 @@ class TicketMgr
void DeleteAllRemovedGMTickets();
void DeleteGMTicketPermanently(uint64 ticketGuid);
void LoadGMTickets();
void RemoveGMTicketByPlayer(uint64 playerGuid);
void RemoveGMTicket(uint64 ticketGuid);
void RemoveGMTicketByPlayer(uint64 playerGuid, uint64 GMguid);
void RemoveGMTicket(uint64 ticketGuid, uint64 GMguid);
void UpdateGMTicket(GM_Ticket *ticket);
void SaveGMTicket(GM_Ticket* ticket);