Mirrored_Repos/DarkflameServer
1
0
Fork 0
mirror of https://github.com/DarkflameUniverse/DarkflameServer.git synced 2025-08-05 18:24:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Additional SQLite lookup sanitizing with CDClientDatabase::ExecuteQueryWithArgs()

Browse Source
This commit is contained in:
TheMatt2
2022-01-06 16:05:03 -05:00
parent 590ccc78aa
commit 4796b551ad
3 changed files with 15 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
dGame/dComponents/RenderComponent.cpp
View File

@@ -198,14 +198,12 @@ void RenderComponent::PlayEffect(const int32_t effectId, const std::u16string& e
return;
}
std::stringstream query;
const std::string effectType_str = GeneralUtils::UTF16ToWTF8(effectType);
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT animation_length FROM Animations WHERE animation_type IN (SELECT animationName FROM BehaviorEffect WHERE effectID = %d AND effectType = %Q);",
effectId, effectType_str.c_str());
query << "SELECT animation_length FROM Animations WHERE animation_type IN (SELECT animationName FROM BehaviorEffect WHERE effectID = " << std::to_string(effectId) << " AND effectType = '" << GeneralUtils::UTF16ToWTF8(effectType) << "');";
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof() || result.fieldIsNull(0))
{
if (result.eof() || result.fieldIsNull(0)) {
result.finalize();
m_DurationCache[effectId] = 0;
@@ -214,7 +212,7 @@ void RenderComponent::PlayEffect(const int32_t effectId, const std::u16string& e
return;
}
effect->time = static_cast<float>(result.getFloatField(0));
result.finalize();