game: escape log query inputs
@@ -8,7 +8,20 @@
|
||||
#include "item.h"
|
||||
#include "locale_service.h"
|
||||
|
||||
static char __escape_hint[1024];
|
||||
namespace
|
||||
{
|
||||
std::string EscapeLogString(CAsyncSQL& sql, const char* value)
|
||||
{
|
||||
if (!value || *value == '\0')
|
||||
return {};
|
||||
|
||||
const size_t length = strlen(value);
|
||||
std::string escaped(length * 2 + 1, '\0');
|
||||
const size_t escapedLength = sql.EscapeString(escaped.data(), escaped.size(), value, length);
|
||||
escaped.resize(escapedLength);
|
||||
return escaped;
|
||||
}
|
||||
}
|
||||
|
||||
LogManager::LogManager() : m_bIsConnect(false)
|
||||
{
|
||||
@@ -48,10 +61,12 @@ bool LogManager::IsConnected()
|
||||
|
||||
void LogManager::ItemLog(DWORD dwPID, DWORD x, DWORD y, DWORD dwItemID, const char * c_pszText, const char * c_pszHint, const char * c_pszIP, DWORD dwVnum)
|
||||
{
|
||||
m_sql.EscapeString(__escape_hint, sizeof(__escape_hint), c_pszHint, strlen(c_pszHint));
|
||||
const std::string escapedText = EscapeLogString(m_sql, c_pszText);
|
||||
const std::string escapedHint = EscapeLogString(m_sql, c_pszHint);
|
||||
const std::string escapedIP = EscapeLogString(m_sql, c_pszIP);
|
||||
|
||||
Query("INSERT DELAYED INTO log%s (type, time, who, x, y, what, how, hint, ip, vnum) VALUES('ITEM', NOW(), %u, %u, %u, %u, '%s', '%s', '%s', %u)",
|
||||
get_table_postfix(), dwPID, x, y, dwItemID, c_pszText, __escape_hint, c_pszIP, dwVnum);
|
||||
get_table_postfix(), dwPID, x, y, dwItemID, escapedText.c_str(), escapedHint.c_str(), escapedIP.c_str(), dwVnum);
|
||||
}
|
||||
|
||||
void LogManager::ItemLog(LPCHARACTER ch, LPITEM item, const char * c_pszText, const char * c_pszHint)
|
||||
@@ -75,10 +90,12 @@ void LogManager::ItemLog(LPCHARACTER ch, int itemID, int itemVnum, const char *
|
||||
|
||||
void LogManager::CharLog(DWORD dwPID, DWORD x, DWORD y, DWORD dwValue, const char * c_pszText, const char * c_pszHint, const char * c_pszIP)
|
||||
{
|
||||
m_sql.EscapeString(__escape_hint, sizeof(__escape_hint), c_pszHint, strlen(c_pszHint));
|
||||
const std::string escapedText = EscapeLogString(m_sql, c_pszText);
|
||||
const std::string escapedHint = EscapeLogString(m_sql, c_pszHint);
|
||||
const std::string escapedIP = EscapeLogString(m_sql, c_pszIP);
|
||||
|
||||
Query("INSERT DELAYED INTO log%s (type, time, who, x, y, what, how, hint, ip) VALUES('CHARACTER', NOW(), %u, %u, %u, %u, '%s', '%s', '%s')",
|
||||
get_table_postfix(), dwPID, x, y, dwValue, c_pszText, __escape_hint, c_pszIP);
|
||||
get_table_postfix(), dwPID, x, y, dwValue, escapedText.c_str(), escapedHint.c_str(), escapedIP.c_str());
|
||||
}
|
||||
|
||||
void LogManager::CharLog(LPCHARACTER ch, DWORD dw, const char * c_pszText, const char * c_pszHint)
|
||||
@@ -108,9 +125,14 @@ void LogManager::MoneyLog(BYTE type, DWORD vnum, int gold)
|
||||
|
||||
void LogManager::HackLog(const char * c_pszHackName, const char * c_pszLogin, const char * c_pszName, const char * c_pszIP)
|
||||
{
|
||||
m_sql.EscapeString(__escape_hint, sizeof(__escape_hint), c_pszHackName, strlen(c_pszHackName));
|
||||
const std::string escapedHackName = EscapeLogString(m_sql, c_pszHackName);
|
||||
const std::string escapedLogin = EscapeLogString(m_sql, c_pszLogin);
|
||||
const std::string escapedName = EscapeLogString(m_sql, c_pszName);
|
||||
const std::string escapedIP = EscapeLogString(m_sql, c_pszIP);
|
||||
const std::string escapedHostname = EscapeLogString(m_sql, g_stHostname.c_str());
|
||||
|
||||
Query("INSERT INTO hack_log (time, login, name, ip, server, why) VALUES(NOW(), '%s', '%s', '%s', '%s', '%s')", c_pszLogin, c_pszName, c_pszIP, g_stHostname.c_str(), __escape_hint);
|
||||
Query("INSERT INTO hack_log (time, login, name, ip, server, why) VALUES(NOW(), '%s', '%s', '%s', '%s', '%s')",
|
||||
escapedLogin.c_str(), escapedName.c_str(), escapedIP.c_str(), escapedHostname.c_str(), escapedHackName.c_str());
|
||||
}
|
||||
|
||||
void LogManager::HackLog(const char * c_pszHackName, LPCHARACTER ch)
|
||||
@@ -126,12 +148,20 @@ void LogManager::HackLog(const char * c_pszHackName, LPCHARACTER ch)
|
||||
|
||||
void LogManager::HackCRCLog(const char * c_pszHackName, const char * c_pszLogin, const char * c_pszName, const char * c_pszIP, DWORD dwCRC)
|
||||
{
|
||||
Query("INSERT INTO hack_crc_log (time, login, name, ip, server, why, crc) VALUES(NOW(), '%s', '%s', '%s', '%s', '%s', %u)", c_pszLogin, c_pszName, c_pszIP, g_stHostname.c_str(), c_pszHackName, dwCRC);
|
||||
const std::string escapedHackName = EscapeLogString(m_sql, c_pszHackName);
|
||||
const std::string escapedLogin = EscapeLogString(m_sql, c_pszLogin);
|
||||
const std::string escapedName = EscapeLogString(m_sql, c_pszName);
|
||||
const std::string escapedIP = EscapeLogString(m_sql, c_pszIP);
|
||||
const std::string escapedHostname = EscapeLogString(m_sql, g_stHostname.c_str());
|
||||
|
||||
Query("INSERT INTO hack_crc_log (time, login, name, ip, server, why, crc) VALUES(NOW(), '%s', '%s', '%s', '%s', '%s', %u)",
|
||||
escapedLogin.c_str(), escapedName.c_str(), escapedIP.c_str(), escapedHostname.c_str(), escapedHackName.c_str(), dwCRC);
|
||||
}
|
||||
|
||||
void LogManager::GoldBarLog(DWORD dwPID, DWORD dwItemID, GOLDBAR_HOW eHow, const char* c_pszHint)
|
||||
{
|
||||
char szHow[32+1];
|
||||
const std::string escapedHint = EscapeLogString(m_sql, c_pszHint);
|
||||
|
||||
switch (eHow)
|
||||
{
|
||||
@@ -169,7 +199,7 @@ void LogManager::GoldBarLog(DWORD dwPID, DWORD dwItemID, GOLDBAR_HOW eHow, const
|
||||
}
|
||||
|
||||
Query("INSERT DELAYED INTO goldlog%s (date, time, pid, what, how, hint) VALUES(CURDATE(), CURTIME(), %u, %u, %s, '%s')",
|
||||
get_table_postfix(), dwPID, dwItemID, szHow, c_pszHint);
|
||||
get_table_postfix(), dwPID, dwItemID, szHow, escapedHint.c_str());
|
||||
}
|
||||
|
||||
void LogManager::CubeLog(DWORD dwPID, DWORD x, DWORD y, DWORD item_vnum, DWORD item_uid, int item_count, bool success)
|
||||
@@ -188,34 +218,41 @@ void LogManager::SpeedHackLog(DWORD pid, DWORD x, DWORD y, int hack_count)
|
||||
|
||||
void LogManager::ChangeNameLog(DWORD pid, const char *old_name, const char *new_name, const char *ip)
|
||||
{
|
||||
const std::string escapedOldName = EscapeLogString(m_sql, old_name);
|
||||
const std::string escapedNewName = EscapeLogString(m_sql, new_name);
|
||||
const std::string escapedIP = EscapeLogString(m_sql, ip);
|
||||
|
||||
Query("INSERT DELAYED INTO change_name%s (pid, old_name, new_name, time, ip) "
|
||||
"VALUES(%u, '%s', '%s', NOW(), '%s') ",
|
||||
get_table_postfix(), pid, old_name, new_name, ip);
|
||||
get_table_postfix(), pid, escapedOldName.c_str(), escapedNewName.c_str(), escapedIP.c_str());
|
||||
}
|
||||
|
||||
void LogManager::GMCommandLog(DWORD dwPID, const char* szName, const char* szIP, BYTE byChannel, const char* szCommand)
|
||||
{
|
||||
m_sql.EscapeString(__escape_hint, sizeof(__escape_hint), szCommand, strlen(szCommand));
|
||||
const std::string escapedName = EscapeLogString(m_sql, szName);
|
||||
const std::string escapedIP = EscapeLogString(m_sql, szIP);
|
||||
const std::string escapedCommand = EscapeLogString(m_sql, szCommand);
|
||||
|
||||
Query("INSERT DELAYED INTO command_log%s (userid, server, ip, port, username, command, date ) "
|
||||
"VALUES(%u, 999, '%s', %u, '%s', '%s', NOW()) ",
|
||||
get_table_postfix(), dwPID, szIP, byChannel, szName, __escape_hint);
|
||||
get_table_postfix(), dwPID, escapedIP.c_str(), byChannel, escapedName.c_str(), escapedCommand.c_str());
|
||||
}
|
||||
|
||||
void LogManager::RefineLog(DWORD pid, const char* item_name, DWORD item_id, int item_refine_level, int is_success, const char* how)
|
||||
{
|
||||
m_sql.EscapeString(__escape_hint, sizeof(__escape_hint), item_name, strlen(item_name));
|
||||
const std::string escapedItemName = EscapeLogString(m_sql, item_name);
|
||||
const std::string escapedHow = EscapeLogString(m_sql, how);
|
||||
|
||||
Query("INSERT INTO refinelog%s (pid, item_name, item_id, step, time, is_success, setType) VALUES(%u, '%s', %u, %d, NOW(), %d, '%s')",
|
||||
get_table_postfix(), pid, __escape_hint, item_id, item_refine_level, is_success, how);
|
||||
get_table_postfix(), pid, escapedItemName.c_str(), item_id, item_refine_level, is_success, escapedHow.c_str());
|
||||
}
|
||||
|
||||
|
||||
void LogManager::ShoutLog(BYTE bChannel, BYTE bEmpire, const char * pszText)
|
||||
{
|
||||
m_sql.EscapeString(__escape_hint, sizeof(__escape_hint), pszText, strlen(pszText));
|
||||
const std::string escapedText = EscapeLogString(m_sql, pszText);
|
||||
|
||||
Query("INSERT INTO shout_log%s VALUES(NOW(), %d, %d,'%s')", get_table_postfix(), bChannel, bEmpire, __escape_hint);
|
||||
Query("INSERT INTO shout_log%s VALUES(NOW(), %d, %d,'%s')", get_table_postfix(), bChannel, bEmpire, escapedText.c_str());
|
||||
}
|
||||
|
||||
void LogManager::LevelLog(LPCHARACTER pChar, unsigned int level, unsigned int playhour)
|
||||
@@ -223,6 +260,7 @@ void LogManager::LevelLog(LPCHARACTER pChar, unsigned int level, unsigned int pl
|
||||
if (true == LC_IsEurope())
|
||||
{
|
||||
DWORD aid = 0;
|
||||
const std::string escapedName = EscapeLogString(m_sql, pChar->GetName());
|
||||
|
||||
if (NULL != pChar->GetDesc())
|
||||
{
|
||||
@@ -230,19 +268,21 @@ void LogManager::LevelLog(LPCHARACTER pChar, unsigned int level, unsigned int pl
|
||||
}
|
||||
|
||||
Query("REPLACE INTO levellog%s (name, level, time, account_id, pid, playtime) VALUES('%s', %u, NOW(), %u, %u, %d)",
|
||||
get_table_postfix(), pChar->GetName(), level, aid, pChar->GetPlayerID(), playhour);
|
||||
get_table_postfix(), escapedName.c_str(), level, aid, pChar->GetPlayerID(), playhour);
|
||||
}
|
||||
else
|
||||
{
|
||||
const std::string escapedName = EscapeLogString(m_sql, pChar->GetName());
|
||||
Query("REPLACE INTO levellog%s (name, level, time, playtime) VALUES('%s', %u, NOW(), %d)",
|
||||
get_table_postfix(), pChar->GetName(), level, playhour);
|
||||
get_table_postfix(), escapedName.c_str(), level, playhour);
|
||||
}
|
||||
}
|
||||
|
||||
void LogManager::BootLog(const char * c_pszHostName, BYTE bChannel)
|
||||
{
|
||||
const std::string escapedHostName = EscapeLogString(m_sql, c_pszHostName);
|
||||
Query("INSERT INTO bootlog (time, hostname, channel) VALUES(NOW(), '%s', %d)",
|
||||
c_pszHostName, bChannel);
|
||||
escapedHostName.c_str(), bChannel);
|
||||
}
|
||||
|
||||
void LogManager::FishLog(DWORD dwPID, int prob_idx, int fish_id, int fish_level, DWORD dwMiliseconds, DWORD dwVnum, DWORD dwValue)
|
||||
@@ -260,9 +300,10 @@ void LogManager::FishLog(DWORD dwPID, int prob_idx, int fish_id, int fish_level,
|
||||
|
||||
void LogManager::QuestRewardLog(const char * c_pszQuestName, DWORD dwPID, DWORD dwLevel, int iValue1, int iValue2)
|
||||
{
|
||||
const std::string escapedQuestName = EscapeLogString(m_sql, c_pszQuestName);
|
||||
Query("INSERT INTO quest_reward_log%s VALUES('%s',%u,%u,2,%u,%u,NOW())",
|
||||
get_table_postfix(),
|
||||
c_pszQuestName,
|
||||
escapedQuestName.c_str(),
|
||||
dwPID,
|
||||
dwLevel,
|
||||
iValue1,
|
||||
@@ -276,14 +317,16 @@ void LogManager::DetailLoginLog(bool isLogin, LPCHARACTER ch)
|
||||
|
||||
if (true == isLogin)
|
||||
{
|
||||
const std::string escapedIP = EscapeLogString(m_sql, ch->GetDesc()->GetHostName());
|
||||
const std::string escapedClientVersion = EscapeLogString(m_sql, ch->GetDesc()->GetClientVersion());
|
||||
Query("INSERT INTO loginlog2(type, is_gm, login_time, channel, account_id, pid, ip, client_version) "
|
||||
"VALUES('INVALID', %s, NOW(), %d, %u, %u, inet_aton('%s'), '%s')",
|
||||
ch->IsGM() ? "'Y'" : "'N'",
|
||||
g_bChannel,
|
||||
ch->GetDesc()->GetAccountTable().id,
|
||||
ch->GetPlayerID(),
|
||||
ch->GetDesc()->GetHostName(),
|
||||
ch->GetDesc()->GetClientVersion());
|
||||
escapedIP.c_str(),
|
||||
escapedClientVersion.c_str());
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -301,4 +344,3 @@ void LogManager::DragonSlayLog(DWORD dwGuildID, DWORD dwDragonVnum, DWORD dwStar
|
||||
get_table_postfix(),
|
||||
dwGuildID, dwDragonVnum, dwStartTime, dwEndTime);
|
||||
}
|
||||
|
||||
|
||||
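Review bot: In `EscapeLogString` (first hunk) the value returned by `sql.EscapeString(...)` is passed straight to `escaped.resize(escapedLength)` with no bounds check. `CAsyncSQL::EscapeString` is not shown on this page; if it forwards the result of `mysql_real_escape_string`, a failure comes back as `(unsigned long)-1`, and the resize would then throw `std::length_error` from inside a logging call. Failing closed keeps the statement well-formed and never falls back to the raw value: add `if (escapedLength >= escaped.size()) return {};` before the resize. A one-line comment on the helper saying that `length * 2 + 1` is the worst-case escaped size plus the terminator would also help the next reader.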