Mirror/TrinityCore
1
0
Fork 0
mirror of https://github.com/TrinityCore/TrinityCore.git synced 2026-01-22 18:15:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Core/ObjectMgr: Fix possible SQL injection for game_tele

Browse Source
This commit is contained in:
Vinolentus
2011-12-12 20:36:46 +01:00
committed by kaelima
parent e34eda37c7
commit f8cb2f528b
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/server/game/Globals/ObjectMgr.cpp
View File

@@ -8040,8 +8040,11 @@ bool ObjectMgr::AddGameTele(GameTele& tele)
m_GameTeleMap[new_id] = tele;
std::string safeName(tele.name);
WorldDatabase.escape_string(safeName);
WorldDatabase.PExecute("INSERT INTO game_tele (id, position_x, position_y, position_z, orientation, map, name) VALUES (%u, %f, %f, %f, %f, %d, '%s')",
new_id, tele.position_x, tele.position_y, tele.position_z, tele.orientation, tele.mapId, tele.name.c_str());
new_id, tele.position_x, tele.position_y, tele.position_z, tele.orientation, tele.mapId, safeName.c_str());
return true;
}