From f8cb2f528ba2bc4d4006c529be41430d46031282 Mon Sep 17 00:00:00 2001
From: Vinolentus
Date: Mon, 12 Dec 2011 20:36:46 +0100
Subject: Core/ObjectMgr: Fix possible SQL injection for game_tele
---
 src/server/game/Globals/ObjectMgr.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'src/server')
diff --git a/src/server/game/Globals/ObjectMgr.cpp b/src/server/game/Globals/ObjectMgr.cpp
index 75573367241..ff3815d367f 100755
--- a/src/server/game/Globals/ObjectMgr.cpp
+++ b/src/server/game/Globals/ObjectMgr.cpp
@@ -8040,8 +8040,11 @@ bool ObjectMgr::AddGameTele(GameTele& tele)
 m_GameTeleMap[new_id] = tele;
+ std::string safeName(tele.name);
+ WorldDatabase.escape_string(safeName);
+
 WorldDatabase.PExecute("INSERT INTO game_tele (id, position_x, position_y, position_z, orientation, map, name) VALUES (%u, %f, %f, %f, %f, %d, '%s')",
- new_id, tele.position_x, tele.position_y, tele.position_z, tele.orientation, tele.mapId, tele.name.c_str());
+ new_id, tele.position_x, tele.position_y, tele.position_z, tele.orientation, tele.mapId, safeName.c_str());
 return true;
 }
--
cgit v1.2.3
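Review bot: Escaping by hand and then formatting the result into `'%s'` keeps the INSERT string-built, so the fix holds only while every caller remembers the `escape_string` step and the escaping matches the connection's character set; binding the name as a parameter of a prepared statement would remove that dependency, if the database layer in this tree offers one for the world database. As written, a short comment above the two added lines would record why the copy exists, e.g. `// tele.name is caller-supplied text; escape a copy so the in-memory entry keeps the raw name`. Any other game_tele query that embeds the name in SQL (none is visible in this hunk) needs the same treatment. The opening of `AddGameTele` lies outside the hunk, so where `tele.name` originates cannot be confirmed from here.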