* Fix reload tickets from database

* Fix crash /exploit issue with improper pasing when '%' is in ticket message * Remove obsolete recv_data from tickets * Allow closing of a ticket inserting the guid of the GM or player that closed it into the database. * Allow assigning tickets to offline GMs. * Tighten up SQL escape strings, increased security against SQL injections * Fix issue where multiple tickets could have the same entry * --- by Machiavelli --- --HG-- branch : trunk
author: Blaymoira <none@none> 2009-01-04 19:34:15 +0100
committer: Blaymoira <none@none> 2009-01-04 19:34:15 +0100
commit: 0389ed45281b65c39b034bf4cc899dbdaf5d04ce (patch)
tree: 9bea18ebd282461229cafb2f6075bfede3a9eab5
parent: b9f1a0fda1fee76b57ba1fcdaec82be18610bcc0 (diff)
6 files changed, 71 insertions, 87 deletions
diff --git a/sql/updates/780_characters.sql b/sql/updates/780_characters.sql
new file mode 100644
index 00000000000..cbcb193c276
--- /dev/null
+++ b/sql/updates/780_characters.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `gm_tickets` CHANGE `guid` `guid` int(10) NOT NULL AUTO_INCREMENT;
+ALTER TABLE `gm_tickets` CHANGE `closed` `closed` int(10) NOT NULL;
+\ No newline at end of file
diff --git a/src/game/Chat.cpp b/src/game/Chat.cpp
index 3ec5d92bd6a..c16d4f69652 100644
--- a/src/game/Chat.cpp
+++ b/src/game/Chat.cpp
@@ -300,7 +300,7 @@ ChatCommand * ChatHandler::getCommandTable()
         { "locales_page_text",           SEC_ADMINISTRATOR, true,  &ChatHandler::HandleReloadLocalesPageTextCommand,         "", NULL },
         { "locales_quest",               SEC_ADMINISTRATOR, true,  &ChatHandler::HandleReloadLocalesQuestCommand,            "", NULL },
 		{ "waypoint_scripts",            SEC_ADMINISTRATOR, true,  &ChatHandler::HandleReloadWpScriptsCommand,				 "", NULL },
-		{ "tickets",					 SEC_ADMINISTRATOR, true,  &ChatHandler::HandleGMTicketReloadCommand,				 "", NULL },
+		{ "gm_tickets",					 SEC_ADMINISTRATOR, true,  &ChatHandler::HandleGMTicketReloadCommand,				 "", NULL },
 
         { "",                            SEC_ADMINISTRATOR, true,  &ChatHandler::HandleReloadCommand,                        "", NULL },
         { NULL,                          0,                 false, NULL,                                                     "", NULL }
diff --git a/src/game/Level1.cpp b/src/game/Level1.cpp
index 1566d16c66c..d1f02ad507f 100644
--- a/src/game/Level1.cpp
+++ b/src/game/Level1.cpp
@@ -272,19 +272,20 @@ bool ChatHandler::HandleGMTicketListCommand(const char* args)
 	SendSysMessage(LANG_COMMAND_TICKETSHOWLIST);
 	for(GmTicketList::iterator itr = ticketmgr.GM_TicketList.begin(); itr != ticketmgr.GM_TicketList.end(); ++itr)
 	{
-		if((*itr)->closed == 1)
+		if((*itr)->closed != 0)
 			continue;
 
 		std::stringstream message;
 		message << "|cff00ff00Ticket|r: |cff00ccff" << (*itr)->guid;
 		message << ".|r |cff00ff00created by:|r |cff00ccff" << (*itr)->name;
 		message << ".|r |cff00ff00Last change:|r |cff00ccff " << secsToTimeString(time(NULL) - (*itr)->timestamp, true, false) << " ago.";
-		if((*itr)->assignedToGM != 0 && objmgr.GetPlayer((*itr)->assignedToGM))
+		if((*itr)->assignedToGM != 0)
 		{
-			std::string gmname = objmgr.GetPlayer((*itr)->assignedToGM)->GetName();
+			std::string gmname;
+			objmgr.GetPlayerNameByGUID((*itr)->assignedToGM, gmname);
 			message << "|r |cff00ff00Assigned to:|r |cff00ccff " << gmname;
 		}
-		SendGlobalGMSysMessage(message.str().c_str());
+		SendSysMessage(message.str().c_str());
 	}
 	return true;
 }
@@ -295,7 +296,7 @@ bool ChatHandler::HandleGMTicketListOnlineCommand(const char* args)
 	SendSysMessage(LANG_COMMAND_TICKETSHOWONLINELIST);
 	for(GmTicketList::iterator itr = ticketmgr.GM_TicketList.begin(); itr != ticketmgr.GM_TicketList.end(); ++itr)
 	{
-		if((*itr)->closed == 1 || !objmgr.GetPlayer((*itr)->playerGuid))
+		if((*itr)->closed != 0 || !objmgr.GetPlayer((*itr)->playerGuid))
 			continue;
 		
 		std::stringstream message;
@@ -304,10 +305,11 @@ bool ChatHandler::HandleGMTicketListOnlineCommand(const char* args)
 		message << ".|r |cff00ff00Last change:|r |cff00ccff " << secsToTimeString((time(NULL) - (*itr)->timestamp), true, false) << " ago.";
 		if((*itr)->assignedToGM != 0 && objmgr.GetPlayer((*itr)->assignedToGM))
 		{
-			std::string gmname = objmgr.GetPlayer((*itr)->assignedToGM)->GetName();
+			std::string gmname;
+			objmgr.GetPlayerNameByGUID((*itr)->assignedToGM, gmname);
 			message << "|r |cff00ff00Assigned to:|r |cff00ccff " << gmname;
 		}
-		SendGlobalGMSysMessage(message.str().c_str());
+		SendSysMessage(message.str().c_str());
 	}
 	return true;
 }
@@ -331,7 +333,8 @@ bool ChatHandler::HandleGMTicketGetByIdCommand(const char* args)
 	message << ".|r |cff00ff00Last change:|r |cff00ccff " << secsToTimeString((time(NULL)-ticket->timestamp), true, false) << " ago.";
 	if(ticket->assignedToGM != 0 && objmgr.GetPlayer(ticket->assignedToGM))
 	{
-		std::string gmname = objmgr.GetPlayer(ticket->assignedToGM)->GetName();
+		std::string gmname;
+		objmgr.GetPlayerNameByGUID(ticket->assignedToGM, gmname);
 		message << "|r |cff00ff00Assigned to:|r |cff00ccff " << gmname;
 	}
 	message << "|r\n|cff00ff00Message:|r " << ticket->message;
@@ -339,7 +342,7 @@ bool ChatHandler::HandleGMTicketGetByIdCommand(const char* args)
 	{
 		message << "|r |cff00ff00Comment:|r |cff00ccff " << ticket->comment;
 	}
-	PSendSysMessage(message.str().c_str());
+	SendSysMessage(message.str().c_str());
 	return true;
 }
 
@@ -361,7 +364,8 @@ bool ChatHandler::HandleGMTicketGetByNameCommand(const char* args)
 	message << ".|r |cff00ff00Last change:|r |cff00ccff " << secsToTimeString((time(NULL)-ticket->timestamp), true, false) << " ago.";
 	if(ticket->assignedToGM != 0 && objmgr.GetPlayer(ticket->assignedToGM))
 	{
-		std::string gmname = objmgr.GetPlayer(ticket->assignedToGM)->GetName();
+		std::string gmname;
+		objmgr.GetPlayerNameByGUID(ticket->assignedToGM, gmname);
 		message << "|r |cff00ff00Assigned to:|r |cff00ccff " << gmname;
 	}
 	message << "|r\n|cff00ff00Message:|r " << ticket->message;
@@ -369,7 +373,7 @@ bool ChatHandler::HandleGMTicketGetByNameCommand(const char* args)
 	{
 		message << "|r |cff00ff00Comment:|r |cff00ccff " << ticket->comment;
 	}
-	PSendSysMessage(message.str().c_str());
+	SendSysMessage(message.str().c_str());
 	return true;
 }
 
@@ -380,22 +384,22 @@ bool ChatHandler::HandleGMTicketCloseByIdCommand(const char* args)
 	
 	uint64 tguid = atoi(args);
 	GM_Ticket *ticket = ticketmgr.GetGMTicket(tguid);
-	if(!ticket || ticket->closed == 1)
+	if(!ticket || ticket->closed != 0)
 	{
 		SendSysMessage(LANG_COMMAND_TICKETNOTEXIST);
-		return false;
+		return true;
 	}
 	if(ticket && ticket->assignedToGM != 0 && ticket->assignedToGM != m_session->GetPlayer()->GetGUID())
 	{
 		PSendSysMessage(LANG_COMMAND_TICKETCANNOTCLOSE, ticket->guid);
-		return false;
+		return true;
 	}
-	sWorld.SendGMText(LANG_COMMAND_TICKETCLOSED, ticket->name.c_str(), ticket->guid);
-	ticketmgr.RemoveGMTicket(ticket->guid);
+	sWorld.SendGMText(LANG_COMMAND_TICKETCLOSED, m_session->GetPlayer()->GetName(), ticket->guid);
+	ticketmgr.RemoveGMTicket(ticket->guid, m_session->GetPlayer()->GetGUID());
 	Player *plr = objmgr.GetPlayer(ticket->playerGuid);
 
 	if(!plr || !plr->IsInWorld())
-		return false;
+		return true;
 
 	// send abandon ticket
 	WorldPacket data(SMSG_GMTICKET_DELETETICKET, 4);
@@ -425,40 +429,38 @@ bool ChatHandler::HandleGMTicketAssignToCommand(const char* args)
 	std::string gmname;
 	GM_Ticket *ticket = ticketmgr.GetGMTicket(ticketGuid);
 
-	if(!ticket || ticket->closed == 1)
+	if(!ticket || ticket->closed != 0)
 	{
 		SendSysMessage(LANG_COMMAND_TICKETNOTEXIST);
 		return true;
 	}
-	Player *plr = objmgr.GetPlayer(targm.c_str());
-	if(!plr || !plr->IsInWorld() || plr->GetSession()->GetSecurity() < SEC_MODERATOR)
+	uint64 tarGUID = objmgr.GetPlayerGUIDByName(targm.c_str());
+	uint64 accid = objmgr.GetPlayerAccountIdByGUID(tarGUID);
+	QueryResult *result = LoginDatabase.PQuery("SELECT `gmlevel` FROM `account` WHERE `id` = '%u'", accid);
+	if(!tarGUID|| !result || result->Fetch()->GetUInt32() < SEC_MODERATOR)
 	{
 		SendSysMessage(LANG_COMMAND_TICKETASSIGNERROR_A);
 		return true;
 	}
-	if(ticket->assignedToGM == plr->GetGUID())
+	if(ticket->assignedToGM == tarGUID)
 	{
 		PSendSysMessage(LANG_COMMAND_TICKETASSIGNERROR_B, ticket->guid);
 		return true;
 	}
+	objmgr.GetPlayerNameByGUID(tarGUID, gmname);
 	if(ticket->assignedToGM != 0 && ticket->assignedToGM != cplr->GetGUID())
 	{
-		Player *aplr = objmgr.GetPlayer(ticket->assignedToGM);
-		if(aplr && aplr->IsInWorld())
-		{
-			gmname = aplr->GetName();
-			PSendSysMessage(LANG_COMMAND_TICKETALREADYASSIGNED, ticket->guid, gmname.c_str());
-			return true;
-		}
+		PSendSysMessage(LANG_COMMAND_TICKETALREADYASSIGNED, ticket->guid, gmname.c_str());
+		return true;
 	}
 	
-	ticket->assignedToGM = plr->GetGUID();
+	ticket->assignedToGM = tarGUID;
 	ticketmgr.UpdateGMTicket(ticket);
 	std::stringstream ss;
 	ss << "|cff00ff00Ticket:|r ";
 	ss << "|cffff00ff" << ticket->guid << ". " << cplr->GetName() << "|r";
 	ss << "|cff00ff00 assigned to:|r ";
-	ss << "|cffff00ff\"" << targetgm << "\".";
+	ss << "|cffff00ff\"" << gmname << "\".";
 	SendGlobalGMSysMessage(ss.str().c_str());
 	return true;
 }
@@ -472,19 +474,20 @@ bool ChatHandler::HandleGMTicketUnAssignCommand(const char* args)
 	Player *cplr = m_session->GetPlayer();
 	GM_Ticket *ticket = ticketmgr.GetGMTicket(ticketGuid);
 
-	if(!ticket|| ticket->closed)
+	if(!ticket|| ticket->closed != 0)
 	{
 		SendSysMessage(LANG_COMMAND_TICKETNOTEXIST);
 		return true;
 	}
-	if(ticket->assignedToGM = 0)
+	if(ticket->assignedToGM == 0)
 	{
 		SendSysMessage(LANG_COMMAND_TICKETNOTASSIGNED);
 		return true;
 	}
 
-	Player *plr = objmgr.GetPlayer(ticket->assignedToGM);
-	
+	std::string gmname;
+	objmgr.GetPlayerNameByGUID(ticket->assignedToGM, gmname);
+	Player *plr = objmgr.GetPlayer(ticket->assignedToGM);	
 	if(plr && plr->IsInWorld() && plr->GetSession()->GetSecurity() > cplr->GetSession()->GetSecurity())
 	{
 		SendSysMessage(LANG_COMMAND_TICKETUNASSIGNSECURITY);
@@ -516,7 +519,7 @@ bool ChatHandler::HandleGMTicketCommentCommand(const char* args)
 	Player *cplr = m_session->GetPlayer();
 	GM_Ticket *ticket = ticketmgr.GetGMTicket(ticketGuid);
 
-	if(!ticket || ticket->closed == 1)
+	if(!ticket || ticket->closed != 0)
 	{
 		PSendSysMessage(LANG_COMMAND_TICKETNOTEXIST);
 		return true;
@@ -550,14 +553,17 @@ bool ChatHandler::HandleGMTicketDeleteByIdCommand(const char* args)
 		SendSysMessage(LANG_COMMAND_TICKETNOTEXIST);
 		return true;
 	}
-	if(!ticket->closed == 1)
+	if(ticket->closed == 0)
 	{
 		SendSysMessage(LANG_COMMAND_TICKETCLOSEFIRST);
 		return true;
 	}
 	
-	std::string gmname = m_session->GetPlayer()->GetName();
-	sWorld.SendGMText(LANG_COMMAND_TICKETDELETED, ticket->guid, gmname.c_str());
+	std::stringstream ss;
+	ss << "|cff00ff00Ticket:|r ";
+	ss << "|cffff00ff" << m_session->GetPlayer()->GetName() << "|r";
+	ss << "|cff00ff00 deleted.|r";
+	SendGlobalGMSysMessage(ss.str().c_str());
 	Player *plr = objmgr.GetPlayer(ticket->playerGuid);
 	ticketmgr.DeleteGMTicketPermanently(ticket->guid);
 	if(plr && plr->IsInWorld())
diff --git a/src/game/TicketHandler.cpp b/src/game/TicketHandler.cpp
index f3374332f79..1e1d97fd4ce 100644
--- a/src/game/TicketHandler.cpp
+++ b/src/game/TicketHandler.cpp
@@ -36,8 +36,6 @@ void WorldSession::HandleGMTicketCreateOpcode( WorldPacket & recv_data )
 	// always do a packet check
     CHECK_PACKET_SIZE(recv_data, 4*4+1+2*4);
 
-    uint32 map;
-    float x, y, z;
     std::string ticketText = "";
 	std::string ticketText2 = "";
 	GM_Ticket *ticket = new GM_Ticket;
@@ -45,13 +43,9 @@ void WorldSession::HandleGMTicketCreateOpcode( WorldPacket & recv_data )
 	WorldPacket data(SMSG_GMTICKET_CREATE, 4);
 
 	// recv Data
-	recv_data >> map;
-	recv_data >> x;
-	recv_data >> y;
-	recv_data >> z;
 	recv_data >> ticketText;
 
-	// get additional data
+	// get additional data, rarely used
 	recv_data >> ticketText2;
 	
 	// assign values
@@ -65,7 +59,7 @@ void WorldSession::HandleGMTicketCreateOpcode( WorldPacket & recv_data )
 	ticket->comment = "";
 
 	// remove ticket by player, shouldn't happen
-	ticketmgr.RemoveGMTicketByPlayer(GetPlayer()->GetGUID());
+	ticketmgr.RemoveGMTicketByPlayer(GetPlayer()->GetGUID(), GetPlayer()->GetGUID());
 	
 	// add ticket
 	ticketmgr.AddGMTicket(ticket, false);
@@ -140,7 +134,7 @@ void WorldSession::HandleGMTicketDeleteOpcode( WorldPacket & /*recv_data*/)
 		SendPacket(&data);
 
 		sWorld.SendGMText(LANG_COMMAND_TICKETPLAYERABANDON, GetPlayer()->GetName(), ticket->guid );
-		ticketmgr.RemoveGMTicketByPlayer(GetPlayer()->GetGUID());
+		ticketmgr.RemoveGMTicketByPlayer(GetPlayer()->GetGUID(), GetPlayer()->GetGUID());
 	}
 }
 
diff --git a/src/game/TicketMgr.cpp b/src/game/TicketMgr.cpp
index 0f1f7501e67..ffa8c522672 100644
--- a/src/game/TicketMgr.cpp
+++ b/src/game/TicketMgr.cpp
@@ -24,13 +24,9 @@
 #include "ObjectMgr.h"
 #include "Language.h"
 #include "Player.h"
-INSTANTIATE_SINGLETON_1( TicketMgr );
-
 #include "Common.h"
-//#include "Log.h"
 #include "ObjectAccessor.h"
-
-
+INSTANTIATE_SINGLETON_1( TicketMgr );
 
 GM_Ticket* TicketMgr::GetGMTicket(uint64 ticketGuid)
 {
@@ -106,7 +102,7 @@ void TicketMgr::DeleteGMTicketPermanently(uint64 ticketGuid)
 	}
 
 	// delete database record
-	CharacterDatabase.PExecute("DELETE FROM gm_tickets WHERE guid=%u", ticketGuid);
+	CharacterDatabase.PExecute("DELETE FROM `gm_tickets` WHERE guid= '%u'", ticketGuid);
 }
 
 
@@ -114,13 +110,13 @@ void TicketMgr::LoadGMTickets()
 {
 	// Delete all out of object holder
 	GM_TicketList.clear();
-	QueryResult *result = CharacterDatabase.Query( "SELECT `guid`, `playerGuid`, `name`, `message`, `timestamp`, `closed`, `assignedto`, `comment` FROM gm_tickets WHERE closed = '0'" );
+	QueryResult *result = CharacterDatabase.Query( "SELECT `guid`, `playerGuid`, `name`, `message`, `timestamp`, `closed`, `assignedto`, `comment` FROM `gm_tickets` WHERE `closed` = '0'" );
 	GM_Ticket *ticket;
 	
-	//ticket = NULL;
 	if(!result)
 		return;
 
+	// Assign values from SQL to the object holder
 	do
 	{
 		Field *fields = result->Fetch();
@@ -143,13 +139,13 @@ void TicketMgr::LoadGMTickets()
 	delete result;
 }
 
-void TicketMgr::RemoveGMTicket(uint64 ticketGuid)
+void TicketMgr::RemoveGMTicket(uint64 ticketGuid, uint64 GMguid)
 {
 	for(GmTicketList::iterator i = GM_TicketList.begin(); i != GM_TicketList.end();)
 	{
 		if((*i)->guid == ticketGuid && (*i)->closed == 0)
 		{
-			(*i)->closed = 1;
+			(*i)->closed = GMguid;
 			SaveGMTicket((*i));
 		}
 		++i;
@@ -157,13 +153,13 @@ void TicketMgr::RemoveGMTicket(uint64 ticketGuid)
 }
 
 
-void TicketMgr::RemoveGMTicketByPlayer(uint64 playerGuid)
+void TicketMgr::RemoveGMTicketByPlayer(uint64 playerGuid, uint64 GMguid)
 {
 	for(GmTicketList::iterator i = GM_TicketList.begin(); i != GM_TicketList.end();)
 	{
 		if((*i)->playerGuid == playerGuid && (*i)->closed == 0)
 		{
-			(*i)->closed = true;
+			(*i)->closed = GMguid;
 			SaveGMTicket((*i));
 		}
 		++i;
@@ -173,15 +169,15 @@ void TicketMgr::RemoveGMTicketByPlayer(uint64 playerGuid)
 void TicketMgr::SaveGMTicket(GM_Ticket* ticket)
 {
 	std::stringstream ss;
-	ss << "REPLACE INTO gm_tickets (`guid`, `playerGuid`, `name`, `message`, `timestamp`, `closed`, `assignedto`, `comment`) VALUES(";
-	ss << ticket->guid << ", ";
-	ss << ticket->playerGuid << ", '";
-	ss << ticket->name << "', '";
-	ss << ticket->message << "', " ;
-	ss << ticket->timestamp << ", ";
-	ss << ticket->closed << ", '";
-	ss << ticket->assignedToGM << "', '";
-	ss << ticket->comment << "');";
+	ss << "REPLACE INTO `gm_tickets` (`guid`, `playerGuid`, `name`, `message`, `timestamp`, `closed`, `assignedto`, `comment`) VALUES(\"";
+	ss << ticket->guid << "\", \"";
+	ss << ticket->playerGuid << "\", \"";
+	ss << ticket->name << "\", \"";
+	ss << ticket->message << "\", \"" ;
+	ss << ticket->timestamp << "\", \"";
+	ss << ticket->closed << "\", \"";
+	ss << ticket->assignedToGM << "\", \"";
+	ss << ticket->comment << "\");";
 
 	CharacterDatabase.BeginTransaction();
 	CharacterDatabase.Execute(ss.str().c_str());
@@ -203,5 +199,5 @@ uint64 TicketMgr::GenerateTicketID()
 		delete result;
 	}
 
-	return m_ticketid;
+	return ++m_ticketid;
 }
 \ No newline at end of file
diff --git a/src/game/TicketMgr.h b/src/game/TicketMgr.h
index e41be9db5c3..33a9598e7cf 100644
--- a/src/game/TicketMgr.h
+++ b/src/game/TicketMgr.h
@@ -39,27 +39,13 @@ struct GM_Ticket
 	std::string comment;
 };
 
-enum GMticketType
-{
-	GM_TICKET_TYPE_STUCK				= 1,
-	GM_TICKET_TYPE_BEHAVIOR_HARASSMENT	= 2,
-	GM_TICKET_TYPE_GUILD				= 3,
-	GM_TICKET_TYPE_ITEM					= 4,
-	GM_TICKET_TYPE_ENVIRONMENTAL		= 5,
-	GM_TICKET_TYPE_NON_QUEST_CREEP		= 6,
-	GM_TICKET_TYPE_QUEST_QUEST_NPC		= 7,
-	GM_TICKET_TYPE_TECHNICAL			= 8,
-	GM_TICKET_TYPE_ACCOUNT_BILLING		= 9,
-	GM_TICKET_TYPE_CHARACTER			= 10
-};
-
 // Map Typedef
 typedef std::list<GM_Ticket*>                                       GmTicketList;
 
 class TicketMgr
 {
 	public:
-		TicketMgr(){}	//constructor
+		TicketMgr(){m_ticketid = 1;}	//constructor
 		~TicketMgr(){}	//destructor
 
 		// Object Holder
@@ -69,8 +55,8 @@ class TicketMgr
 		void DeleteAllRemovedGMTickets();
 		void DeleteGMTicketPermanently(uint64 ticketGuid);
 		void LoadGMTickets();
-		void RemoveGMTicketByPlayer(uint64 playerGuid);
-		void RemoveGMTicket(uint64 ticketGuid);
+		void RemoveGMTicketByPlayer(uint64 playerGuid, uint64 GMguid);
+		void RemoveGMTicket(uint64 ticketGuid, uint64 GMguid);
 		void UpdateGMTicket(GM_Ticket *ticket);
 		void SaveGMTicket(GM_Ticket* ticket);
author	Blaymoira <none@none>	2009-01-04 19:34:15 +0100
committer	Blaymoira <none@none>	2009-01-04 19:34:15 +0100
commit	0389ed45281b65c39b034bf4cc899dbdaf5d04ce (patch)
tree	9bea18ebd282461229cafb2f6075bfede3a9eab5
parent	b9f1a0fda1fee76b57ba1fcdaec82be18610bcc0 (diff)