author | Vinolentus <none@none> | 2011-12-12 20:36:46 +0100 |
---|---|---|
committer | kaelima <kaelima@live.se> | 2011-12-12 20:36:46 +0100 |
commit | f8cb2f528ba2bc4d4006c529be41430d46031282 (patch) | |
tree | 5f816e305fd9bd94ff34c3f2b62922e3b231bede /src | |
parent | e34eda37c74dcba3c5c59394bfa4ee4203cee73f (diff) |
Core/ObjectMgr: Fix possible SQL injection for game_tele
Diffstat (limited to 'src')
-rwxr-xr-x | src/server/game/Globals/ObjectMgr.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/server/game/Globals/ObjectMgr.cpp b/src/server/game/Globals/ObjectMgr.cpp
index 75573367241..ff3815d367f 100755
--- a/src/server/game/Globals/ObjectMgr.cpp
+++ b/src/server/game/Globals/ObjectMgr.cpp
@@ -8040,8 +8040,11 @@ bool ObjectMgr::AddGameTele(GameTele& tele)
 
 m_GameTeleMap[new_id] = tele;
 
+ std::string safeName(tele.name);
+ WorldDatabase.escape_string(safeName);
+
 WorldDatabase.PExecute("INSERT INTO game_tele (id, position_x, position_y, position_z, orientation, map, name) VALUES (%u, %f, %f, %f, %f, %d, '%s')",
- new_id, tele.position_x, tele.position_y, tele.position_z, tele.orientation, tele.mapId, tele.name.c_str());
+ new_id, tele.position_x, tele.position_y, tele.position_z, tele.orientation, tele.mapId, safeName.c_str());
 
 return true;
 } |
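Review bot: The escaping in AddGameTele is done by hand on a copy of `tele.name` right before a printf-style `PExecute` with `'%s'`, so the query stays safe only while every later edit remembers the `escape_string` call; if the database layer offers prepared statements with bound string parameters, binding the name would remove that dependency. Keeping the raw name in `m_GameTeleMap[new_id] = tele;` and escaping only the copy is the right split, and a comment such as `// escape a copy for SQL only; the in-memory map keeps the raw name` above `safeName` would stop someone from later escaping `tele.name` in place. Any other statement that interpolates a tele name into SQL (for example a matching delete path, which is not visible in this hunk) presumably needs the same treatment and is worth checking in the same change. The body of AddGameTele begins outside the hunk, so how `tele.name` is populated and validated cannot be judged from here.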