authorShauren <shauren.trinity@gmail.com>2019-07-27 01:00:37 +0200
committerShauren <shauren.trinity@gmail.com>2019-07-27 01:00:37 +0200
commite8e89f58fb800014f53341f12505f60ee2b5fb6f (patch)
tree2b63800163e2026be75621a36ddf1218bdbf9dab /src/server/game/World
parent1dcbceba81002ba6ff83129d403763df398f9736 (diff)
Core/DBLayer: Prevent using prepared statements on wrong database
Diffstat (limited to 'src/server/game/World')
-rw-r--r--src/server/game/World/World.cpp47
1 files changed, 26 insertions, 21 deletions
diff --git a/src/server/game/World/World.cpp b/src/server/game/World/World.cpp
index 839845c010a..2830bb8efff 100644
--- a/src/server/game/World/World.cpp
+++ b/src/server/game/World/World.cpp
@@ -2258,7 +2258,7 @@ void World::LoadAutobroadcasts()
m_Autobroadcasts.clear();
- PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_AUTOBROADCAST);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_AUTOBROADCAST);
stmt->setInt32(0, realm.Id.Realm);
PreparedQueryResult result = LoginDatabase.Query(stmt);
@@ -2413,7 +2413,7 @@ void World::Update(uint32 diff)
m_timers[WUPDATE_UPTIME].Reset();
- PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_UPTIME_PLAYERS);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_UPTIME_PLAYERS);
stmt->setUInt32(0, tmpDiff);
stmt->setUInt16(1, uint16(maxOnlinePlayers));
@@ -2430,7 +2430,7 @@ void World::Update(uint32 diff)
{
m_timers[WUPDATE_CLEANDB].Reset();
- PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_OLD_LOGS);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_OLD_LOGS);
stmt->setUInt32(0, sWorld->getIntConfig(CONFIG_LOGDB_CLEARTIME));
stmt->setUInt32(1, uint32(time(0)));
@@ -2747,7 +2747,6 @@ BanReturn World::BanAccount(BanMode mode, std::string const& nameOrIP, std::stri
BanReturn World::BanAccount(BanMode mode, std::string const& nameOrIP, uint32 duration_secs, std::string const& reason, std::string const& author)
{
PreparedQueryResult resultAccounts = PreparedQueryResult(NULL); //used for kicking
- PreparedStatement* stmt = NULL;
// Prevent banning an already banned account
if (mode == BAN_ACCOUNT && AccountMgr::IsBannedAccount(nameOrIP))
@@ -2757,8 +2756,9 @@ BanReturn World::BanAccount(BanMode mode, std::string const& nameOrIP, uint32 du
switch (mode)
{
case BAN_IP:
+ {
// No SQL injection with prepared statements
- stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_BY_IP);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_BY_IP);
stmt->setString(0, nameOrIP);
resultAccounts = LoginDatabase.Query(stmt);
stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_IP_BANNED);
@@ -2768,18 +2768,23 @@ BanReturn World::BanAccount(BanMode mode, std::string const& nameOrIP, uint32 du
stmt->setString(3, reason);
LoginDatabase.Execute(stmt);
break;
+ }
case BAN_ACCOUNT:
+ {
// No SQL injection with prepared statements
- stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_ID_BY_NAME);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_ID_BY_NAME);
stmt->setString(0, nameOrIP);
resultAccounts = LoginDatabase.Query(stmt);
break;
+ }
case BAN_CHARACTER:
+ {
// No SQL injection with prepared statements
- stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_ACCOUNT_BY_NAME);
+ CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_ACCOUNT_BY_NAME);
stmt->setString(0, nameOrIP);
resultAccounts = CharacterDatabase.Query(stmt);
break;
+ }
default:
return BAN_SYNTAX_ERROR;
}
@@ -2802,7 +2807,7 @@ BanReturn World::BanAccount(BanMode mode, std::string const& nameOrIP, uint32 du
if (mode != BAN_IP)
{
// make sure there is only one active ban
- stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_ACCOUNT_NOT_BANNED);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_ACCOUNT_NOT_BANNED);
stmt->setUInt32(0, account);
trans->Append(stmt);
// No SQL injection with prepared statements
@@ -2827,7 +2832,7 @@ BanReturn World::BanAccount(BanMode mode, std::string const& nameOrIP, uint32 du
/// Remove a ban from an account or IP address
bool World::RemoveBanAccount(BanMode mode, std::string const& nameOrIP)
{
- PreparedStatement* stmt = NULL;
+ LoginDatabasePreparedStatement* stmt = NULL;
if (mode == BAN_IP)
{
stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_IP_NOT_BANNED);
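Review bot: The new declaration `LoginDatabasePreparedStatement* stmt = NULL;` keeps a function-scope null pointer, whereas `BanAccount` in this same commit moved to one declaration per branch, initialised directly from `GetPreparedStatement`. Declaring it at each assignment, e.g. `LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_IP_NOT_BANNED);`, removes any path on which the pointer could be used while still null. If the single declaration stays, prefer `nullptr` to `NULL`. The else branch and the later use of `stmt` lie outside the hunk, so whether every path assigns it cannot be confirmed from here.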
@@ -2874,7 +2879,7 @@ BanReturn World::BanCharacter(std::string const& name, std::string const& durati
//Use transaction in order to ensure the order of the queries
SQLTransaction trans = CharacterDatabase.BeginTransaction();
// make sure there is only one active ban
- PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_CHARACTER_BAN);
+ CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_CHARACTER_BAN);
stmt->setUInt64(0, guid.GetCounter());
trans->Append(stmt);
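Review bot: The typed statement pointer is still appended to a plain `SQLTransaction`, so the wrong-database check this commit introduces does not appear to extend to transactions. Here `trans` comes from `CharacterDatabase.BeginTransaction()`, while in the `_UpdateRealmCharCount` hunk the same `SQLTransaction` type comes from `LoginDatabase.BeginTransaction()`, and `trans->Append(stmt)` accepts a `CharacterDatabasePreparedStatement*` in one and a `LoginDatabasePreparedStatement*` in the other; the `BanAccount` hunk appends to a transaction as well. Unless `Append` is constrained somewhere outside this diff, a statement prepared for one database could still be queued on the other database's transaction and only fail at run time. Consider giving the transaction handle a per-database type too, or at minimum record the gap at the call site with a comment such as `// NOTE: SQLTransaction is not database-typed; stmt must belong to CharacterDatabase`. The body of `BanCharacter` continues outside the hunk.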
@@ -2908,7 +2913,7 @@ bool World::RemoveBanCharacter(std::string const& name)
else
guid = banned->GetGUID();
- PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_CHARACTER_BAN);
+ CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_CHARACTER_BAN);
stmt->setUInt64(0, guid.GetCounter());
CharacterDatabase.Execute(stmt);
return true;
@@ -3111,7 +3116,7 @@ void World::SendAutoBroadcast()
void World::UpdateRealmCharCount(uint32 accountId)
{
- PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_CHARACTER_COUNT);
+ CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_CHARACTER_COUNT);
stmt->setUInt32(0, accountId);
_queryProcessor.AddQuery(CharacterDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&World::_UpdateRealmCharCount, this, std::placeholders::_1)));
}
@@ -3126,7 +3131,7 @@ void World::_UpdateRealmCharCount(PreparedQueryResult resultCharCount)
SQLTransaction trans = LoginDatabase.BeginTransaction();
- PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_REALM_CHARACTERS_BY_REALM);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_REALM_CHARACTERS_BY_REALM);
stmt->setUInt32(0, accountId);
stmt->setUInt32(1, realm.Id.Realm);
trans->Append(stmt);
@@ -3280,7 +3285,7 @@ void World::DailyReset()
{
TC_LOG_INFO("misc", "Daily quests reset for all characters.");
- PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_DAILY);
+ CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_DAILY);
CharacterDatabase.Execute(stmt);
stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_CHARACTER_GARRISON_FOLLOWER_ACTIVATIONS);
@@ -3309,7 +3314,7 @@ void World::ResetCurrencyWeekCap()
void World::LoadDBAllowedSecurityLevel()
{
- PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALMLIST_SECURITY_LEVEL);
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALMLIST_SECURITY_LEVEL);
stmt->setInt32(0, int32(realm.Id.Realm));
PreparedQueryResult result = LoginDatabase.Query(stmt);
@@ -3330,7 +3335,7 @@ void World::ResetWeeklyQuests()
{
TC_LOG_INFO("misc", "Weekly quests reset for all characters.");
- PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_WEEKLY);
+ CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_WEEKLY);
CharacterDatabase.Execute(stmt);
for (SessionMap::const_iterator itr = m_sessions.begin(); itr != m_sessions.end(); ++itr)
@@ -3348,7 +3353,7 @@ void World::ResetMonthlyQuests()
{
TC_LOG_INFO("misc", "Monthly quests reset for all characters.");
- PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_MONTHLY);
+ CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_MONTHLY);
CharacterDatabase.Execute(stmt);
for (SessionMap::const_iterator itr = m_sessions.begin(); itr != m_sessions.end(); ++itr)
@@ -3392,7 +3397,7 @@ void World::ResetEventSeasonalQuests(uint16 event_id)
{
TC_LOG_INFO("misc", "Seasonal quests reset for all characters.");
- PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_SEASONAL_BY_EVENT);
+ CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_SEASONAL_BY_EVENT);
stmt->setUInt16(0, event_id);
CharacterDatabase.Execute(stmt);
@@ -3405,7 +3410,7 @@ void World::ResetRandomBG()
{
TC_LOG_INFO("misc", "Random BG status reset for all characters.");
- PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_BATTLEGROUND_RANDOM_ALL);
+ CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_BATTLEGROUND_RANDOM_ALL);
CharacterDatabase.Execute(stmt);
for (SessionMap::const_iterator itr = m_sessions.begin(); itr != m_sessions.end(); ++itr)
@@ -3507,7 +3512,7 @@ void World::setWorldState(uint32 index, uint32 value)
if (it->second == value)
return;
- PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_WORLDSTATE);
+ CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_WORLDSTATE);
stmt->setUInt32(0, uint32(value));
stmt->setUInt32(1, index);
@@ -3516,7 +3521,7 @@ void World::setWorldState(uint32 index, uint32 value)
}
else
{
- PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_INS_WORLDSTATE);
+ CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_INS_WORLDSTATE);
stmt->setUInt32(0, index);
stmt->setUInt32(1, uint32(value));