game: escape highscore and award inputs

server
2026-04-13 23:04:35 +02:00
parent 63dac27b47
commit e401cc1c55
4 changed files with 45 additions and 15 deletions


@@ -2784,16 +2784,20 @@ teleport_area:
DWORD dwVnum = (int) lua_tonumber(L, 1);
int icount = (int) lua_tonumber(L, 2);
const char* login = ch->GetDesc()->GetAccountTable().login;
const char* why = lua_tostring(L, 3);
const std::string escapedLogin = DBManager::instance().EscapeStringCopy(login ? login : "", login ? strlen(login) : 0);
const std::string escapedWhy = DBManager::instance().EscapeStringCopy(why ? why : "", why ? strlen(why) : 0);
sys_log(0, "QUEST [award] item %d to login %s", dwVnum, ch->GetDesc()->GetAccountTable().login);
DBManager::instance().Query("INSERT INTO item_award (login, vnum, count, given_time, why, mall)select '%s', %d, %d, now(), '%s', 1 from DUAL where not exists (select login, why from item_award where login = '%s' and why = '%s') ;",
ch->GetDesc()->GetAccountTable().login,
escapedLogin.c_str(),
dwVnum,
icount,
lua_tostring(L,3),
ch->GetDesc()->GetAccountTable().login,
lua_tostring(L,3));
escapedWhy.c_str(),
escapedLogin.c_str(),
escapedWhy.c_str());
lua_pushnumber (L, 0);
return 1;
@@ -2812,19 +2816,26 @@ teleport_area:
DWORD dwVnum = (int) lua_tonumber(L, 1);
int icount = (int) lua_tonumber(L, 2);
const char* login = ch->GetDesc()->GetAccountTable().login;
const char* why = lua_tostring(L, 3);
long socket0 = strtol(lua_tostring(L, 4), nullptr, 10);
long socket1 = strtol(lua_tostring(L, 5), nullptr, 10);
long socket2 = strtol(lua_tostring(L, 6), nullptr, 10);
const std::string escapedLogin = DBManager::instance().EscapeStringCopy(login ? login : "", login ? strlen(login) : 0);
const std::string escapedWhy = DBManager::instance().EscapeStringCopy(why ? why : "", why ? strlen(why) : 0);
sys_log(0, "QUEST [award] item %d to login %s", dwVnum, ch->GetDesc()->GetAccountTable().login);
DBManager::instance().Query("INSERT INTO item_award (login, vnum, count, given_time, why, mall, socket0, socket1, socket2)select '%s', %d, %d, now(), '%s', 1, %s, %s, %s from DUAL where not exists (select login, why from item_award where login = '%s' and why = '%s') ;",
ch->GetDesc()->GetAccountTable().login,
DBManager::instance().Query("INSERT INTO item_award (login, vnum, count, given_time, why, mall, socket0, socket1, socket2)select '%s', %d, %d, now(), '%s', 1, %ld, %ld, %ld from DUAL where not exists (select login, why from item_award where login = '%s' and why = '%s') ;",
escapedLogin.c_str(),
dwVnum,
icount,
lua_tostring(L,3),
lua_tostring(L,4),
lua_tostring(L,5),
lua_tostring(L,6),
ch->GetDesc()->GetAccountTable().login,
lua_tostring(L,3));
escapedWhy.c_str(),
socket0,
socket1,
socket2,
escapedLogin.c_str(),
escapedWhy.c_str());
lua_pushnumber (L, 0);
return 1;
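Review bot: The new `strtol(lua_tostring(L, 4), nullptr, 10)` calls for socket0–socket2 in the second hunk pass a null pointer to `strtol` whenever the quest script omits argument 4, 5 or 6 or passes a value that is neither a string nor a number, because `lua_tostring` returns NULL in those cases; that is undefined behaviour and in practice a crash of the game process. The same hunk already null-checks `login` and `why` before calling `strlen`, so the socket arguments should get equivalent handling, e.g. `long socket0 = lua_isnumber(L, 4) ? (long) lua_tonumber(L, 4) : 0;` and likewise for 5 and 6. With a null end pointer `strtol` also accepts trailing garbage and returns 0 for non-numeric text without any signal, so it is worth deciding whether a malformed socket value should be rejected rather than stored as 0. The enclosing function begins and ends outside the visible hunk, so any argument-count check earlier in it cannot be seen from here.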