fix(Scripts/Commands): Prevent crash if you use doublequotes in go cr… (#20012)

fix(Scripts/Commands): Prevent crash if you use doublequotes in go creature name * closes https://github.com/azerothcore/azerothcore-wotlk/issues/20010
author: Kitzunu <24550914+Kitzunu@users.noreply.github.com> 2024-09-21 23:30:58 +0200
committer: GitHub <noreply@github.com> 2024-09-21 18:30:58 -0300
commit: d227ed91c20f147686f9735bfab1455c5f8966fc (patch)
tree: 554b3bc76b2588a11471bab32dba307f3aa49b77 /src
parent: cfd7bf416207f78028ed1532db3d2bfd44dab406 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/src/server/scripts/Commands/cs_go.cpp b/src/server/scripts/Commands/cs_go.cpp
index 4169428fe2..b533d14d5f 100644
--- a/src/server/scripts/Commands/cs_go.cpp
+++ b/src/server/scripts/Commands/cs_go.cpp
@@ -123,7 +123,14 @@ public:
         if (!name.data())
             return false;
 
-        QueryResult result = WorldDatabase.Query("SELECT entry FROM creature_template WHERE name = \"{}\" LIMIT 1" , name.data());
+        // Make sure we don't pass double quotes into the SQL query. Otherwise it causes a MySQL error
+        std::string str = name.data(); // Making subtractions to the last character does not with in string_view
+        if (str.front() == '"')
+            str = str.substr(1);
+        if (str.back() == '"')
+            str = str.substr(0, str.size() - 1);
+
+        QueryResult result = WorldDatabase.Query("SELECT entry FROM creature_template WHERE name = \"{}\" LIMIT 1", str);
         if (!result)
         {
             handler->SendErrorMessage(LANG_COMMAND_GOCREATNOTFOUND);
author	Kitzunu <24550914+Kitzunu@users.noreply.github.com>	2024-09-21 23:30:58 +0200
committer	GitHub <noreply@github.com>	2024-09-21 18:30:58 -0300
commit	d227ed91c20f147686f9735bfab1455c5f8966fc (patch)
tree	554b3bc76b2588a11471bab32dba307f3aa49b77 /src
parent	cfd7bf416207f78028ed1532db3d2bfd44dab406 (diff)