Core/DBLayer: Prevent using prepared statements on wrong database

(cherry picked from commit e8e89f58fb800014f53341f12505f60ee2b5fb6f) # Conflicts: # src/server/bnetserver/REST/LoginRESTService.cpp # src/server/bnetserver/Server/Session.cpp # src/server/database/Database/DatabaseWorkerPool.cpp # src/server/database/Database/Implementation/HotfixDatabase.h # src/server/database/Database/MySQLConnection.cpp # src/server/database/Database/MySQLConnection.h # src/server/database/Database/PreparedStatement.cpp # src/server/database/Database/PreparedStatement.h # src/server/database/Database/QueryHolder.cpp # src/server/database/Database/SQLOperation.h # src/server/database/Database/Transaction.h # src/server/game/Accounts/BattlenetAccountMgr.cpp # src/server/game/Achievements/AchievementMgr.cpp # src/server/game/AuctionHouse/AuctionHouseMgr.cpp # src/server/game/AuctionHouseBot/AuctionHouseBot.cpp # src/server/game/AuctionHouseBot/AuctionHouseBotBuyer.cpp # src/server/game/BattlePets/BattlePetMgr.cpp # src/server/game/Battlegrounds/ArenaTeam.cpp # src/server/game/BlackMarket/BlackMarketMgr.cpp # src/server/game/Chat/Channels/Channel.cpp # src/server/game/Entities/Corpse/Corpse.cpp # src/server/game/Entities/Creature/Creature.cpp # src/server/game/Entities/GameObject/GameObject.cpp # src/server/game/Entities/Item/Item.cpp # src/server/game/Entities/Pet/Pet.cpp # src/server/game/Entities/Player/CollectionMgr.cpp # src/server/game/Entities/Player/Player.cpp # src/server/game/Garrison/Garrison.cpp # src/server/game/Globals/ObjectMgr.cpp # src/server/game/Groups/Group.cpp # src/server/game/Guilds/Guild.cpp # src/server/game/Guilds/GuildFinderMgr.cpp # src/server/game/Guilds/GuildMgr.cpp # src/server/game/Handlers/AuctionHouseHandler.cpp # src/server/game/Handlers/CharacterHandler.cpp # src/server/game/Handlers/ItemHandler.cpp # src/server/game/Handlers/MailHandler.cpp # src/server/game/Handlers/MiscHandler.cpp # src/server/game/Handlers/PetitionsHandler.cpp # src/server/game/Handlers/SpellHandler.cpp # src/server/game/Handlers/TicketHandler.cpp # src/server/game/Loot/Loot.cpp # src/server/game/Mails/Mail.cpp # src/server/game/Maps/Map.cpp # src/server/game/Movement/Waypoints/WaypointManager.cpp # src/server/game/OutdoorPvP/OutdoorPvP.cpp # src/server/game/Pools/PoolMgr.cpp # src/server/game/Quests/QuestObjectiveCriteriaMgr.cpp # src/server/game/Reputation/ReputationMgr.cpp # src/server/game/Scenarios/InstanceScenario.cpp # src/server/game/Server/WorldSession.cpp # src/server/game/Server/WorldSocket.cpp # src/server/game/Spells/SpellHistory.cpp # src/server/game/Support/SupportMgr.cpp # src/server/game/Tools/PlayerDump.cpp # src/server/game/World/World.cpp # src/server/scripts/Commands/cs_account.cpp # src/server/scripts/Commands/cs_ban.cpp # src/server/scripts/Commands/cs_battlenet_account.cpp # src/server/scripts/Commands/cs_group.cpp # src/server/scripts/Commands/cs_lfg.cpp # src/server/scripts/Commands/cs_list.cpp # src/server/scripts/Commands/cs_message.cpp # src/server/scripts/Commands/cs_misc.cpp # src/server/scripts/Commands/cs_npc.cpp # src/server/scripts/Commands/cs_tele.cpp # src/server/scripts/Commands/cs_wp.cpp # src/server/shared/DataStores/DB2DatabaseLoader.cpp # src/server/shared/Realm/RealmList.cpp
author: Shauren <shauren.trinity@gmail.com> 2019-07-27 01:00:37 +0200
committer: Giacomo Pozzoni <giacomopoz@gmail.com> 2020-03-31 13:42:01 +0000
commit: fe1003bdbd88e2bccf2ac91ffd18804a6d9b6fb3 (patch)
tree: 35657c5b61793491be1c52364eb48b1fdb13003c /src/server/game/World
parent: f880132bb952656378172c9b54093473d279f506 (diff)
1 files changed, 26 insertions, 21 deletions
diff --git a/src/server/game/World/World.cpp b/src/server/game/World/World.cpp
index 19724b603f5..24c1167fde1 100644
--- a/src/server/game/World/World.cpp
+++ b/src/server/game/World/World.cpp
@@ -205,7 +205,7 @@ void World::SetClosed(bool val)
 
 void World::LoadDBAllowedSecurityLevel()
 {
-    PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALMLIST_SECURITY_LEVEL);
+    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_REALMLIST_SECURITY_LEVEL);
     stmt->setInt32(0, int32(realm.Id.Realm));
     PreparedQueryResult result = LoginDatabase.Query(stmt);
 
@@ -2253,7 +2253,7 @@ void World::LoadAutobroadcasts()
     m_AutobroadcastsWeights.clear();
 
     uint32 realmId = sConfigMgr->GetIntDefault("RealmID", 0);
-    PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_AUTOBROADCAST);
+    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_AUTOBROADCAST);
     stmt->setInt32(0, realmId);
     PreparedQueryResult result = LoginDatabase.Query(stmt);
 
@@ -2383,7 +2383,7 @@ void World::Update(uint32 diff)
 
         m_timers[WUPDATE_UPTIME].Reset();
 
-        PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_UPTIME_PLAYERS);
+        LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_UPTIME_PLAYERS);
 
         stmt->setUInt32(0, tmpDiff);
         stmt->setUInt16(1, uint16(maxOnlinePlayers));
@@ -2400,7 +2400,7 @@ void World::Update(uint32 diff)
         {
             m_timers[WUPDATE_CLEANDB].Reset();
 
-            PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_OLD_LOGS);
+            LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_OLD_LOGS);
 
             stmt->setUInt32(0, sWorld->getIntConfig(CONFIG_LOGDB_CLEARTIME));
             stmt->setUInt32(1, uint32(time(0)));
@@ -2717,7 +2717,6 @@ BanReturn World::BanAccount(BanMode mode, std::string const& nameOrIP, std::stri
 BanReturn World::BanAccount(BanMode mode, std::string const& nameOrIP, uint32 duration_secs, std::string const& reason, std::string const& author)
 {
     PreparedQueryResult resultAccounts = PreparedQueryResult(nullptr); //used for kicking
-    PreparedStatement* stmt = nullptr;
 
     // Prevent banning an already banned account
     if (mode == BAN_ACCOUNT && AccountMgr::IsBannedAccount(nameOrIP))
@@ -2727,8 +2726,9 @@ BanReturn World::BanAccount(BanMode mode, std::string const& nameOrIP, uint32 du
     switch (mode)
     {
         case BAN_IP:
+        {
             // No SQL injection with prepared statements
-            stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_BY_IP);
+            LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_BY_IP);
             stmt->setString(0, nameOrIP);
             resultAccounts = LoginDatabase.Query(stmt);
             stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_IP_BANNED);
@@ -2738,18 +2738,23 @@ BanReturn World::BanAccount(BanMode mode, std::string const& nameOrIP, uint32 du
             stmt->setString(3, reason);
             LoginDatabase.Execute(stmt);
             break;
+        }
         case BAN_ACCOUNT:
+        {
             // No SQL injection with prepared statements
-            stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_ID_BY_NAME);
+            LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_ID_BY_NAME);
             stmt->setString(0, nameOrIP);
             resultAccounts = LoginDatabase.Query(stmt);
             break;
+        }
         case BAN_CHARACTER:
+        {
             // No SQL injection with prepared statements
-            stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_ACCOUNT_BY_NAME);
+            CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_ACCOUNT_BY_NAME);
             stmt->setString(0, nameOrIP);
             resultAccounts = CharacterDatabase.Query(stmt);
             break;
+        }
         default:
             return BAN_SYNTAX_ERROR;
     }
@@ -2772,7 +2777,7 @@ BanReturn World::BanAccount(BanMode mode, std::string const& nameOrIP, uint32 du
         if (mode != BAN_IP)
         {
             // make sure there is only one active ban
-            stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_ACCOUNT_NOT_BANNED);
+            LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_ACCOUNT_NOT_BANNED);
             stmt->setUInt32(0, account);
             trans->Append(stmt);
             // No SQL injection with prepared statements
@@ -2797,7 +2802,7 @@ BanReturn World::BanAccount(BanMode mode, std::string const& nameOrIP, uint32 du
 /// Remove a ban from an account or IP address
 bool World::RemoveBanAccount(BanMode mode, std::string const& nameOrIP)
 {
-    PreparedStatement* stmt = nullptr;
+    LoginDatabasePreparedStatement* stmt = nullptr;
     if (mode == BAN_IP)
     {
         stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_IP_NOT_BANNED);
@@ -2845,7 +2850,7 @@ BanReturn World::BanCharacter(std::string const& name, std::string const& durati
     //Use transaction in order to ensure the order of the queries
     SQLTransaction trans = CharacterDatabase.BeginTransaction();
     // make sure there is only one active ban
-    PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_CHARACTER_BAN);
+    CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_CHARACTER_BAN);
     stmt->setUInt32(0, guid);
     trans->Append(stmt);
 
@@ -2884,7 +2889,7 @@ bool World::RemoveBanCharacter(std::string const& name)
     if (!guid)
         return false;
 
-    PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_CHARACTER_BAN);
+    CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_CHARACTER_BAN);
     stmt->setUInt32(0, guid);
     CharacterDatabase.Execute(stmt);
     return true;
@@ -3111,7 +3116,7 @@ void World::SendAutoBroadcast()
 
 void World::UpdateRealmCharCount(uint32 accountId)
 {
-    PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_CHARACTER_COUNT);
+    CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_CHARACTER_COUNT);
     stmt->setUInt32(0, accountId);
     _queryProcessor.AddQuery(CharacterDatabase.AsyncQuery(stmt).WithPreparedCallback(std::bind(&World::_UpdateRealmCharCount, this, std::placeholders::_1)));
 }
@@ -3126,7 +3131,7 @@ void World::_UpdateRealmCharCount(PreparedQueryResult resultCharCount)
 
         SQLTransaction trans = LoginDatabase.BeginTransaction();
 
-        PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_REALM_CHARACTERS_BY_REALM);
+        LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_REALM_CHARACTERS_BY_REALM);
         stmt->setUInt32(0, accountId);
         stmt->setUInt32(1, realm.Id.Realm);
         trans->Append(stmt);
@@ -3156,7 +3161,7 @@ static time_t GetNextDailyResetTime(time_t t)
 void World::ResetDailyQuests()
 {
     // reset all saved quest status
-    PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_DAILY);
+    CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_DAILY);
     CharacterDatabase.Execute(stmt);
     // reset all quest status in memory
     for (SessionMap::const_iterator itr = m_sessions.begin(); itr != m_sessions.end(); ++itr)
@@ -3192,7 +3197,7 @@ static time_t GetNextWeeklyResetTime(time_t t)
 void World::ResetWeeklyQuests()
 {
     // reset all saved quest status
-    PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_WEEKLY);
+    CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_WEEKLY);
     CharacterDatabase.Execute(stmt);
     // reset all quest status in memory
     for (SessionMap::const_iterator itr = m_sessions.begin(); itr != m_sessions.end(); ++itr)
@@ -3228,7 +3233,7 @@ static time_t GetNextMonthlyResetTime(time_t t)
 void World::ResetMonthlyQuests()
 {
     // reset all saved quest status
-    PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_MONTHLY);
+    CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_MONTHLY);
     CharacterDatabase.Execute(stmt);
     // reset all quest status in memory
     for (SessionMap::const_iterator itr = m_sessions.begin(); itr != m_sessions.end(); ++itr)
@@ -3337,7 +3342,7 @@ void World::ResetEventSeasonalQuests(uint16 event_id)
 {
     TC_LOG_INFO("misc", "Seasonal quests reset for all characters.");
 
-    PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_SEASONAL_BY_EVENT);
+    CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_RESET_CHARACTER_QUESTSTATUS_SEASONAL_BY_EVENT);
     stmt->setUInt16(0, event_id);
     CharacterDatabase.Execute(stmt);
 
@@ -3350,7 +3355,7 @@ void World::ResetRandomBG()
 {
     TC_LOG_INFO("misc", "Random BG status reset for all characters.");
 
-    PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_BATTLEGROUND_RANDOM_ALL);
+    CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_BATTLEGROUND_RANDOM_ALL);
     CharacterDatabase.Execute(stmt);
 
     for (SessionMap::const_iterator itr = m_sessions.begin(); itr != m_sessions.end(); ++itr)
@@ -3458,7 +3463,7 @@ void World::setWorldState(uint32 index, uint64 value)
         if (it->second == value)
             return;
 
-        PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_WORLDSTATE);
+        CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_UPD_WORLDSTATE);
 
         stmt->setUInt32(0, uint32(value));
         stmt->setUInt32(1, index);
@@ -3467,7 +3472,7 @@ void World::setWorldState(uint32 index, uint64 value)
     }
     else
     {
-        PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_INS_WORLDSTATE);
+        CharacterDatabasePreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_INS_WORLDSTATE);
 
         stmt->setUInt32(0, index);
         stmt->setUInt32(1, uint32(value));
author	Shauren <shauren.trinity@gmail.com>	2019-07-27 01:00:37 +0200
committer	Giacomo Pozzoni <giacomopoz@gmail.com>	2020-03-31 13:42:01 +0000
commit	fe1003bdbd88e2bccf2ac91ffd18804a6d9b6fb3 (patch)
tree	35657c5b61793491be1c52364eb48b1fdb13003c /src/server/game/World
parent	f880132bb952656378172c9b54093473d279f506 (diff)