From 52278ce6f2c0ac0271d8d23ee3fff2670411ee4b Mon Sep 17 00:00:00 2001
From: server <server@jakubkadlec.dev>
Date: Tue, 14 Apr 2026 16:43:52 +0200
Subject: [PATCH] game: make log escaping safe before SQL connect

---
 src/game/log.cpp | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/src/game/log.cpp b/src/game/log.cpp
index 0614546..0f4a69c 100644
--- a/src/game/log.cpp
+++ b/src/game/log.cpp
@@ -45,6 +45,33 @@ std::string LogManager::EscapeForQuery(const char* text)
 		return {};
 
 	const size_t text_length = strlen(text);
+
+	auto append_escaped_char = [](std::string& out, char ch)
+	{
+		switch (ch)
+		{
+			case '\0': out += "\\0"; break;
+			case '\n': out += "\\n"; break;
+			case '\r': out += "\\r"; break;
+			case '\\': out += "\\\\"; break;
+			case '\'': out += "\\'"; break;
+			case '"': out += "\\\""; break;
+			case '\b': out += "\\b"; break;
+			case '\t': out += "\\t"; break;
+			case '\032': out += "\\Z"; break;
+			default: out.push_back(ch); break;
+		}
+	};
+
+	if (!m_bIsConnect)
+	{
+		std::string escaped;
+		escaped.reserve(text_length * 2);
+		for (size_t i = 0; i < text_length; ++i)
+			append_escaped_char(escaped, text[i]);
+		return escaped;
+	}
+
 	std::string escaped(text_length * 2 + 1, '\0');
 	const size_t escaped_length = m_sql.EscapeString(escaped.data(), escaped.size(), text, text_length);
 	escaped.resize(escaped_length);