Mirrored_Repos/DarkflameServer
1
0
Fork 0
mirror of https://github.com/DarkflameUniverse/DarkflameServer.git synced 2024-11-25 23:17:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #354 Sanitize SQLite Queries

Browse Source 
adds support to prevent sql injection via using prepared statements and also fixes an issue with the runmacro command.
This commit is contained in:
David Markowitz 2022-05-24 17:31:58 -07:00 committed by GitHub
commit 769f789a43
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 435 additions and 419 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
dDatabase/CDClientDatabase.cpp
View File

@ -13,3 +13,8 @@ void CDClientDatabase::Connect(const std::string& filename) {
CppSQLite3Query CDClientDatabase::ExecuteQuery(const std::string& query) {
return conn->execQuery(query.c_str());
}
//! Makes prepared statements
CppSQLite3Statement CDClientDatabase::CreatePreppedStmt(const std::string& query) {
return conn->compileStatement(query.c_str());
}

6
dDatabase/CDClientDatabase.h
View File

@ -40,4 +40,10 @@ namespace CDClientDatabase {
*/
CppSQLite3Query ExecuteQuery(const std::string& query);
//! Queries the CDClient and parses arguments
/*!
\param query The query with formatted arguments
\return prepared SQLite Statement
*/
CppSQLite3Statement CreatePreppedStmt(const std::string& query);
};

8
dDatabase/Tables/CDBehaviorParameterTable.cpp
View File

@ -59,11 +59,11 @@ float CDBehaviorParameterTable::GetEntry(const uint32_t behaviorID, const std::s
}
#ifndef CDCLIENT_CACHE_ALL
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT parameterID, value FROM BehaviorParameter WHERE behaviorID = ?;");
query.bind(1, (int) behaviorID);
query << "SELECT parameterID, value FROM BehaviorParameter WHERE behaviorID = " << std::to_string(behaviorID);
auto tableData = CDClientDatabase::ExecuteQuery(query.str());
auto tableData = query.execQuery();
m_Entries.insert_or_assign(behaviorID, 0);

58
dGame/dBehaviors/Behavior.cpp
View File

@ -281,13 +281,12 @@ Behavior* Behavior::CreateBehavior(const uint32_t behaviorId)
return behavior;
}
BehaviorTemplates Behavior::GetBehaviorTemplate(const uint32_t behaviorId)
{
std::stringstream query;
BehaviorTemplates Behavior::GetBehaviorTemplate(const uint32_t behaviorId) {
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT templateID FROM BehaviorTemplate WHERE behaviorID = ?;");
query.bind(1, (int) behaviorId);
query << "SELECT templateID FROM BehaviorTemplate WHERE behaviorID = " << std::to_string(behaviorId);
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
// Make sure we do not proceed if we are trying to load an invalid behavior
if (result.eof())
@ -358,18 +357,25 @@ void Behavior::PlayFx(std::u16string type, const LWOOBJID target, const LWOOBJID
}
}
std::stringstream query;
// The SQlite result object becomes invalid if the query object leaves scope.
// So both queries are defined before the if statement
CppSQLite3Query result;
auto typeQuery = CDClientDatabase::CreatePreppedStmt(
"SELECT effectName FROM BehaviorEffect WHERE effectType = ? AND effectID = ?;");
if (!type.empty())
{
query << "SELECT effectName FROM BehaviorEffect WHERE effectType = '" << typeString << "' AND effectID = " << std::to_string(effectId) << ";";
}
else
{
query << "SELECT effectName, effectType FROM BehaviorEffect WHERE effectID = " << std::to_string(effectId) << ";";
}
auto idQuery = CDClientDatabase::CreatePreppedStmt(
"SELECT effectName, effectType FROM BehaviorEffect WHERE effectID = ?;");
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (!type.empty()) {
typeQuery.bind(1, typeString.c_str());
typeQuery.bind(2, (int) effectId);
result = typeQuery.execQuery();
} else {
idQuery.bind(1, (int) effectId);
result = idQuery.execQuery();
}
if (result.eof() || result.fieldIsNull(0))
{
@ -414,15 +420,11 @@ Behavior::Behavior(const uint32_t behaviorId)
this->m_templateId = BehaviorTemplates::BEHAVIOR_EMPTY;
}
/*
* Get standard info
*/
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT templateID, effectID, effectHandle FROM BehaviorTemplate WHERE behaviorID = ?;");
query.bind(1, (int) behaviorId);
std::stringstream query;
query << "SELECT templateID, effectID, effectHandle FROM BehaviorTemplate WHERE behaviorID = " << std::to_string(behaviorId);
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
// Make sure we do not proceed if we are trying to load an invalid behavior
if (result.eof())
@ -495,11 +497,11 @@ std::map<std::string, float> Behavior::GetParameterNames() const
{
std::map<std::string, float> parameters;
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT parameterID, value FROM BehaviorParameter WHERE behaviorID = ?;");
query.bind(1, (int) this->m_behaviorId);
query << "SELECT parameterID, value FROM BehaviorParameter WHERE behaviorID = " << std::to_string(this->m_behaviorId);
auto tableData = CDClientDatabase::ExecuteQuery(query.str());
auto tableData = query.execQuery();
while (!tableData.eof())
{

18
dGame/dBehaviors/SwitchMultipleBehavior.cpp
View File

@ -39,15 +39,15 @@ void SwitchMultipleBehavior::Calculate(BehaviorContext* context, RakNet::BitStre
// TODO
}
void SwitchMultipleBehavior::Load()
{
const auto b = std::to_string(this->m_behaviorId);
std::stringstream query;
query << "SELECT replace(bP1.parameterID, 'behavior ', '') as key, bP1.value as behavior, "
<< "(select bP2.value FROM BehaviorParameter bP2 WHERE bP2.behaviorID = " << b << " AND bP2.parameterID LIKE 'value %' "
<< "AND replace(bP1.parameterID, 'behavior ', '') = replace(bP2.parameterID, 'value ', '')) as value "
<< "FROM BehaviorParameter bP1 WHERE bP1.behaviorID = " << b << " AND bP1.parameterID LIKE 'behavior %'";
auto result = CDClientDatabase::ExecuteQuery(query.str());
void SwitchMultipleBehavior::Load() {
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT replace(bP1.parameterID, 'behavior ', '') as key, bP1.value as behavior, "
"(select bP2.value FROM BehaviorParameter bP2 WHERE bP2.behaviorID = ?1 AND bP2.parameterID LIKE 'value %' "
"AND replace(bP1.parameterID, 'behavior ', '') = replace(bP2.parameterID, 'value ', '')) as value "
"FROM BehaviorParameter bP1 WHERE bP1.behaviorID = ?1 AND bP1.parameterID LIKE 'behavior %';");
query.bind(1, (int) this->m_behaviorId);
auto result = query.execQuery();
while (!result.eof()) {
const auto behavior_id = static_cast<uint32_t>(result.getFloatField(1));

17
dGame/dComponents/BaseCombatAIComponent.cpp
View File

@ -35,11 +35,11 @@ BaseCombatAIComponent::BaseCombatAIComponent(Entity* parent, const uint32_t id)
m_SoftTimer = 5.0f;
//Grab the aggro information from BaseCombatAI:
std::stringstream componentQuery;
auto componentQuery = CDClientDatabase::CreatePreppedStmt(
"SELECT aggroRadius, tetherSpeed, pursuitSpeed, softTetherRadius, hardTetherRadius FROM BaseCombatAIComponent WHERE id = ?;");
componentQuery.bind(1, (int) id);
componentQuery << "SELECT aggroRadius, tetherSpeed, pursuitSpeed, softTetherRadius, hardTetherRadius FROM BaseCombatAIComponent WHERE id = " << std::to_string(id);
auto componentResult = CDClientDatabase::ExecuteQuery(componentQuery.str());
auto componentResult = componentQuery.execQuery();
if (!componentResult.eof())
{
@ -64,12 +64,11 @@ BaseCombatAIComponent::BaseCombatAIComponent(Entity* parent, const uint32_t id)
/*
* Find skills
*/
auto skillQuery = CDClientDatabase::CreatePreppedStmt(
"SELECT skillID, cooldown, behaviorID FROM SkillBehavior WHERE skillID IN (SELECT skillID FROM ObjectSkills WHERE objectTemplate = ?);");
skillQuery.bind(1, (int) parent->GetLOT());
std::stringstream query;
query << "SELECT skillID, cooldown, behaviorID FROM SkillBehavior WHERE skillID IN (SELECT skillID FROM ObjectSkills WHERE objectTemplate = " << std::to_string(parent->GetLOT()) << " )";
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = skillQuery.execQuery();
while (!result.eof()) {
const auto skillId = static_cast<uint32_t>(result.getIntField(0));

8
dGame/dComponents/BuffComponent.cpp
View File

@ -371,11 +371,11 @@ const std::vector<BuffParameter>& BuffComponent::GetBuffParameters(int32_t buffI
return pair->second;
}
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT * FROM BuffParameters WHERE BuffID = ?;");
query.bind(1, (int) buffId);
query << "SELECT * FROM BuffParameters WHERE BuffID = " << std::to_string(buffId) << ";";
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
std::vector<BuffParameter> parameters {};

8
dGame/dComponents/DestroyableComponent.cpp
View File

@ -375,11 +375,11 @@ void DestroyableComponent::AddFaction(const int32_t factionID, const bool ignore
m_FactionIDs.push_back(factionID);
m_DirtyHealth = true;
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT enemyList FROM Factions WHERE faction = ?;");
query.bind(1, (int) factionID);
query << "SELECT enemyList FROM Factions WHERE faction = " << std::to_string(factionID);
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
if (result.eof()) return;

20
dGame/dComponents/InventoryComponent.cpp
View File

@ -189,6 +189,7 @@ void InventoryComponent::AddItem(
return;
}
auto* item = new Item(lot, inventory, slot, count, config, parent, showFlyingLoot, isModMoveAndEquip, subKey, bound, lootSourceType);
if (missions != nullptr && !IsTransferInventory(inventoryType))
@ -1182,22 +1183,21 @@ bool InventoryComponent::IsEquipped(const LOT lot) const
return false;
}
void InventoryComponent::CheckItemSet(const LOT lot)
{
void InventoryComponent::CheckItemSet(const LOT lot) {
// Check if the lot is in the item set cache
if (std::find(m_ItemSetsChecked.begin(), m_ItemSetsChecked.end(), lot) != m_ItemSetsChecked.end())
{
if (std::find(m_ItemSetsChecked.begin(), m_ItemSetsChecked.end(), lot) != m_ItemSetsChecked.end()) {
return;
}
std::stringstream query;
const std::string lot_query = "%" + std::to_string(lot) + "%";
query << "SELECT setID FROM ItemSets WHERE itemIDs LIKE '%" << std::to_string(lot) << "%'";
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT setID FROM ItemSets WHERE itemIDs LIKE ?;");
query.bind(1, lot_query.c_str());
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
while (!result.eof())
{
while (!result.eof()) {
const auto id = result.getIntField(0);
bool found = false;
@ -1470,6 +1470,7 @@ std::vector<uint32_t> InventoryComponent::FindBuffs(Item* item, bool castOnEquip
{
missions->Progress(MissionTaskType::MISSION_TASK_TYPE_SKILL, result.skillID);
}
// If item is not a proxy, add its buff to the added buffs.
if (item->GetParent() == LWOOBJID_EMPTY) buffs.push_back(static_cast<uint32_t>(entry.behaviorID));
}
@ -1787,4 +1788,3 @@ void InventoryComponent::UpdatePetXml(tinyxml2::XMLDocument* document)
petInventoryElement->LinkEndChild(petElement);
}
}

8
dGame/dComponents/MissionComponent.cpp
View File

@ -450,11 +450,11 @@ const std::vector<uint32_t>& MissionComponent::QueryAchievements(MissionTaskType
}
bool MissionComponent::RequiresItem(const LOT lot) {
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT type FROM Objects WHERE id = ?;");
query.bind(1, (int) lot);
query << "SELECT type FROM Objects WHERE id = " << std::to_string(lot);
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
if (result.eof()) {
return false;

11
dGame/dComponents/PetComponent.cpp
View File

@ -172,13 +172,12 @@ void PetComponent::OnUse(Entity* originator)
std::string buildFile;
if (cached == buildCache.end())
{
std::stringstream query;
if (cached == buildCache.end()) {
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT ValidPiecesLXF, PuzzleModelLot, Timelimit, NumValidPieces, imagCostPerBuild FROM TamingBuildPuzzles WHERE NPCLot = ?;");
query.bind(1, (int) m_Parent->GetLOT());
query << "SELECT ValidPiecesLXF, PuzzleModelLot, Timelimit, NumValidPieces, imagCostPerBuild FROM TamingBuildPuzzles WHERE NPCLot = " << std::to_string(m_Parent->GetLOT()) << ";";
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
if (result.eof())
{

16
dGame/dComponents/PropertyManagementComponent.cpp
View File

@ -40,11 +40,11 @@ PropertyManagementComponent::PropertyManagementComponent(Entity* parent) : Compo
const auto zoneId = worldId.GetMapID();
const auto cloneId = worldId.GetCloneID();
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT id FROM PropertyTemplate WHERE mapID = ?;");
query.bind(1, (int) zoneId);
query << "SELECT id FROM PropertyTemplate WHERE mapID = " << std::to_string(zoneId) << ";";
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
if (result.eof() || result.fieldIsNull(0))
{
@ -103,11 +103,11 @@ std::vector<NiPoint3> PropertyManagementComponent::GetPaths() const
{
const auto zoneId = dZoneManager::Instance()->GetZone()->GetWorldID();
std::stringstream query {};
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT path FROM PropertyTemplate WHERE mapID = ?;");
query.bind(1, (int) zoneId);
query << "SELECT path FROM PropertyTemplate WHERE mapID = " << std::to_string(zoneId) << ";";
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
std::vector<NiPoint3> paths {};

12
dGame/dComponents/RenderComponent.cpp
View File

@ -198,14 +198,16 @@ void RenderComponent::PlayEffect(const int32_t effectId, const std::u16string& e
return;
}
std::stringstream query;
const std::string effectType_str = GeneralUtils::UTF16ToWTF8(effectType);
query << "SELECT animation_length FROM Animations WHERE animation_type IN (SELECT animationName FROM BehaviorEffect WHERE effectID = " << std::to_string(effectId) << " AND effectType = '" << GeneralUtils::UTF16ToWTF8(effectType) << "');";
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT animation_length FROM Animations WHERE animation_type IN (SELECT animationName FROM BehaviorEffect WHERE effectID = ? AND effectType = ?);");
query.bind(1, effectId);
query.bind(2, effectType_str.c_str());
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
if (result.eof() || result.fieldIsNull(0))
{
if (result.eof() || result.fieldIsNull(0)) {
result.finalize();
m_DurationCache[effectId] = 0;

8
dGame/dComponents/RocketLaunchpadControlComponent.cpp
View File

@ -19,11 +19,11 @@
#include "PacketUtils.h"
RocketLaunchpadControlComponent::RocketLaunchpadControlComponent(Entity* parent, int rocketId) : Component(parent) {
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT targetZone, defaultZoneID, targetScene, altLandingPrecondition, altLandingSpawnPointName FROM RocketLaunchpadControlComponent WHERE id = ?;");
query.bind(1, rocketId);
query << "SELECT targetZone, defaultZoneID, targetScene, altLandingPrecondition, altLandingSpawnPointName FROM RocketLaunchpadControlComponent WHERE id = " << std::to_string(rocketId);
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
if (!result.eof() && !result.fieldIsNull(0))
{

26
dGame/dComponents/SkillComponent.cpp
View File

@ -88,14 +88,13 @@ void SkillComponent::SyncPlayerProjectile(const LWOOBJID projectileId, RakNet::B
const auto sync_entry = this->m_managedProjectiles.at(index);
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = ?);");
query.bind(1, (int) sync_entry.lot);
query << "SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = " << std::to_string(sync_entry.lot) << ")";
auto result = query.execQuery();
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof())
{
if (result.eof()) {
Game::logger->Log("SkillComponent", "Failed to find skill id for (%i)!\n", sync_entry.lot);
return;
@ -430,8 +429,7 @@ void SkillComponent::SyncProjectileCalculation(const ProjectileSyncEntry& entry)
{
auto* other = EntityManager::Instance()->GetEntity(entry.branchContext.target);
if (other == nullptr)
{
if (other == nullptr) {
if (entry.branchContext.target != LWOOBJID_EMPTY)
{
Game::logger->Log("SkillComponent", "Invalid projectile target (%llu)!\n", entry.branchContext.target);
@ -440,14 +438,12 @@ void SkillComponent::SyncProjectileCalculation(const ProjectileSyncEntry& entry)
return;
}
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = ?);");
query.bind(1, (int) entry.lot);
auto result = query.execQuery();
query << "SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = " << std::to_string(entry.lot) << ")";
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof())
{
if (result.eof()) {
Game::logger->Log("SkillComponent", "Failed to find skill id for (%i)!\n", entry.lot);
return;

8
dGame/dGameMessages/GameMessages.cpp
View File

@ -2515,11 +2515,11 @@ void GameMessages::HandleBBBSaveRequest(RakNet::BitStream* inStream, Entity* ent
const auto zoneId = worldId.GetMapID();
const auto cloneId = worldId.GetCloneID();
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT id FROM PropertyTemplate WHERE mapID = ?;");
query.bind(1, (int) zoneId);
query << "SELECT id FROM PropertyTemplate WHERE mapID = " << std::to_string(zoneId) << ";";
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
if (result.eof() || result.fieldIsNull(0)) {
return;

8
dGame/dInventory/Item.cpp
View File

@ -386,11 +386,11 @@ void Item::DisassembleModel()
const auto componentId = table->GetByIDAndType(GetLot(), COMPONENT_TYPE_RENDER);
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT render_asset FROM RenderComponent WHERE id = ?;");
query.bind(1, (int) componentId);
query << "SELECT render_asset FROM RenderComponent WHERE id = " << std::to_string(componentId) << ";";
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
if (result.eof())
{

16
dGame/dInventory/ItemSet.cpp
View File

@ -15,11 +15,11 @@ ItemSet::ItemSet(const uint32_t id, InventoryComponent* inventoryComponent)
this->m_PassiveAbilities = ItemSetPassiveAbility::FindAbilities(id, m_InventoryComponent->GetParent(), this);
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT skillSetWith2, skillSetWith3, skillSetWith4, skillSetWith5, skillSetWith6, itemIDs FROM ItemSets WHERE setID = ?;");
query.bind(1, (int) id);
query << "SELECT skillSetWith2, skillSetWith3, skillSetWith4, skillSetWith5, skillSetWith6, itemIDs FROM ItemSets WHERE setID = " << std::to_string(id);
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
if (result.eof())
{
@ -33,11 +33,11 @@ ItemSet::ItemSet(const uint32_t id, InventoryComponent* inventoryComponent)
continue;
}
std::stringstream skillQuery;
auto skillQuery = CDClientDatabase::CreatePreppedStmt(
"SELECT SkillID FROM ItemSetSkills WHERE SkillSetID = ?;");
skillQuery.bind(1, result.getIntField(i));
skillQuery << "SELECT SkillID FROM ItemSetSkills WHERE SkillSetID = " << std::to_string(result.getIntField(i));
auto skillResult = CDClientDatabase::ExecuteQuery(skillQuery.str());
auto skillResult = skillQuery.execQuery();
if (skillResult.eof())
{

11
dGame/dUtilities/Preconditions.cpp
View File

@ -15,13 +15,12 @@
std::map<uint32_t, Precondition*> Preconditions::cache = {};
Precondition::Precondition(const uint32_t condition)
{
std::stringstream query;
Precondition::Precondition(const uint32_t condition) {
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT type, targetLOT, targetCount FROM Preconditions WHERE id = ?;");
query.bind(1, (int) condition);
query << "SELECT type, targetLOT, targetCount FROM Preconditions WHERE id = " << std::to_string(condition) << ";";
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
if (result.eof())
{

26
dGame/dUtilities/SlashCommandHandler.cpp
View File

@ -131,6 +131,7 @@ void SlashCommandHandler::HandleChatCommand(const std::u16string& command, Entit
bool success = user->GetMaxGMLevel() >= level;
if (success) {
if (entity->GetGMLevel() > GAME_MASTER_LEVEL_CIVILIAN && level == GAME_MASTER_LEVEL_CIVILIAN)
{
GameMessages::SendToggleGMInvis(entity->GetObjectID(), false, UNASSIGNED_SYSTEM_ADDRESS);
@ -301,7 +302,7 @@ void SlashCommandHandler::HandleChatCommand(const std::u16string& command, Entit
return;
}
if ((chatCommand == "leave-zone")) {
if (chatCommand == "leave-zone") {
const auto currentZone = dZoneManager::Instance()->GetZone()->GetZoneID().GetMapID();
auto newZone = 0;
@ -342,7 +343,7 @@ void SlashCommandHandler::HandleChatCommand(const std::u16string& command, Entit
});
}
if ((chatCommand == "join" && !args.empty())) {
if (chatCommand == "join" && !args.empty()) {
ChatPackets::SendSystemMessage(sysAddr, u"Requesting private map...");
const auto& password = args[0];
@ -599,6 +600,10 @@ void SlashCommandHandler::HandleChatCommand(const std::u16string& command, Entit
if (chatCommand == "runmacro" && entity->GetGMLevel() >= GAME_MASTER_LEVEL_DEVELOPER) {
if (args.size() != 1) return;
// Only process if input does not contain separator charaters
if (args[0].find("/") != std::string::npos) return;
if (args[0].find("\\") != std::string::npos) return;
std::ifstream infile("./res/macros/" + args[0] + ".scm");
if (infile.good()) {
@ -927,6 +932,7 @@ void SlashCommandHandler::HandleChatCommand(const std::u16string& command, Entit
Game::logger->Log("SlashCommandHandler", "Teleporting objectID: %llu to %f, %f, %f\n", entity->GetObjectID(), pos.x, pos.y, pos.z);
GameMessages::SendTeleport(entity->GetObjectID(), pos, NiQuaternion(), sysAddr);
} else if (args.size() == 2) {
float x, z;
if (!GeneralUtils::TryParse(args[0], x))
@ -945,7 +951,6 @@ void SlashCommandHandler::HandleChatCommand(const std::u16string& command, Entit
pos.SetY(0.0f);
pos.SetZ(z);
Game::logger->Log("SlashCommandHandler", "Teleporting objectID: %llu to X: %f, Z: %f\n", entity->GetObjectID(), pos.x, pos.z);
GameMessages::SendTeleport(entity->GetObjectID(), pos, NiQuaternion(), sysAddr);
} else {
@ -1200,7 +1205,6 @@ void SlashCommandHandler::HandleChatCommand(const std::u16string& command, Entit
dest->SetImagination(999);
dest->SetMaxImagination(999.0f);
}
EntityManager::Instance()->SerializeEntity(entity);
}
@ -1226,11 +1230,11 @@ void SlashCommandHandler::HandleChatCommand(const std::u16string& command, Entit
dest->SetImagination(9);
dest->SetMaxImagination(9.0f);
}
EntityManager::Instance()->SerializeEntity(entity);
}
if (chatCommand == "refillstats" && entity->GetGMLevel() >= GAME_MASTER_LEVEL_DEVELOPER) {
auto dest = static_cast<DestroyableComponent*>(entity->GetComponent(COMPONENT_TYPE_DESTROYABLE));
if (dest) {
dest->SetHealth((int)dest->GetMaxHealth());
@ -1242,8 +1246,14 @@ void SlashCommandHandler::HandleChatCommand(const std::u16string& command, Entit
}
if (chatCommand == "lookup" && entity->GetGMLevel() >= GAME_MASTER_LEVEL_DEVELOPER && args.size() == 1) {
std::string query = "SELECT `id`, `name` FROM `Objects` WHERE `displayName` LIKE '%" + args[0] + "%' OR `name` LIKE '%" + args[0] + "%' OR `description` LIKE '%" + args[0] + "%'";
auto tables = CDClientDatabase::ExecuteQuery(query.c_str());
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT `id`, `name` FROM `Objects` WHERE `displayName` LIKE ?1 OR `name` LIKE ?1 OR `description` LIKE ?1 LIMIT 50");
const std::string query_text = "%" + args[0] + "%";
query.bind(1, query_text.c_str());
auto tables = query.execQuery();
while (!tables.eof()) {
std::string message = std::to_string(tables.getIntField(0)) + " - " + tables.getStringField(1);
ChatPackets::SendSystemMessage(sysAddr, GeneralUtils::ASCIIToUTF16(message, message.size()));
@ -1487,7 +1497,6 @@ void SlashCommandHandler::HandleChatCommand(const std::u16string& command, Entit
WorldPackets::SendTransferToWorld(sysAddr, serverIP, serverPort, mythranShift);
});
return;
});
} else {
@ -1973,4 +1982,3 @@ void SlashCommandHandler::SendAnnouncement(const std::string& title, const std::
Game::chatServer->Send(&bitStream, SYSTEM_PRIORITY, RELIABLE, 0, Game::chatSysAddr, false);
}

8
dWorldServer/WorldServer.cpp
View File

@ -998,11 +998,11 @@ void HandlePacket(Packet* packet) {
const auto zoneId = Game::server->GetZoneID();
const auto cloneId = g_CloneID;
std::stringstream query;
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT id FROM PropertyTemplate WHERE mapID = ?;");
query.bind(1, (int) zoneId);
query << "SELECT id FROM PropertyTemplate WHERE mapID = " << std::to_string(zoneId) << ";";
auto result = CDClientDatabase::ExecuteQuery(query.str());
auto result = query.execQuery();
if (result.eof() || result.fieldIsNull(0)) {
Game::logger->Log("WorldServer", "No property templates found for zone %d, not sending BBB\n", zoneId);