Additional SQLite lookup sanitizing.

Using CDClientDatabase::ExecuteQueryWithArgs() across all known lookups.
TheMatt2 2022-01-06 21:12:47 -05:00
parent 4796b551ad
commit e5f7d164cb
16 changed files with 75 additions and 129 deletions


@ -275,13 +275,10 @@ Behavior* Behavior::CreateBehavior(const uint32_t behaviorId)
return behavior; return behavior;
} }
BehaviorTemplates Behavior::GetBehaviorTemplate(const uint32_t behaviorId) BehaviorTemplates Behavior::GetBehaviorTemplate(const uint32_t behaviorId) {
{ auto result = CDClientDatabase::ExecuteQueryWithArgs(
std::stringstream query; "SELECT templateID FROM BehaviorTemplate WHERE behaviorID = %u;",
behaviorId);
query << "SELECT templateID FROM BehaviorTemplate WHERE behaviorID = " << std::to_string(behaviorId);
auto result = CDClientDatabase::ExecuteQuery(query.str());
// Make sure we do not proceed if we are trying to load an invalid behavior // Make sure we do not proceed if we are trying to load an invalid behavior
if (result.eof()) if (result.eof())
@ -409,15 +406,9 @@ Behavior::Behavior(const uint32_t behaviorId)
this->m_templateId = BehaviorTemplates::BEHAVIOR_EMPTY; this->m_templateId = BehaviorTemplates::BEHAVIOR_EMPTY;
} }
/* auto result = CDClientDatabase::ExecuteQueryWithArgs(
* Get standard info "SELECT templateID, effectID, effectHandle FROM BehaviorTemplate WHERE behaviorID = %u;",
*/ behaviorId);
std::stringstream query;
query << "SELECT templateID, effectID, effectHandle FROM BehaviorTemplate WHERE behaviorID = " << std::to_string(behaviorId);
auto result = CDClientDatabase::ExecuteQuery(query.str());
// Make sure we do not proceed if we are trying to load an invalid behavior // Make sure we do not proceed if we are trying to load an invalid behavior
if (result.eof()) if (result.eof())
@ -490,11 +481,9 @@ std::map<std::string, float> Behavior::GetParameterNames() const
{ {
std::map<std::string, float> parameters; std::map<std::string, float> parameters;
std::stringstream query; auto tableData = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT parameterID, value FROM BehaviorParameter WHERE behaviorID = %u;",
query << "SELECT parameterID, value FROM BehaviorParameter WHERE behaviorID = " << std::to_string(this->m_behaviorId); this->m_behaviorId);
auto tableData = CDClientDatabase::ExecuteQuery(query.str());
while (!tableData.eof()) while (!tableData.eof())
{ {
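Review bot: The three lookups here (GetBehaviorTemplate, the Behavior constructor and GetParameterNames) pass the behavior id through a printf-style format string rather than binding it, so nothing checks that `%u` matches the argument type. ExecuteQueryWithArgs is not shown in this commit; if it expands the format into SQL text, it is safe only while every argument is an integer, and a later caller using `%s` would reintroduce injection. I would add a comment at its declaration such as `// Integer arguments only: never pass client-supplied text through %s; use a prepared statement with bound parameters for strings`, and consider moving these lookups to bound parameters. All three function bodies continue outside their hunks.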


@ -39,15 +39,13 @@ void SwitchMultipleBehavior::Calculate(BehaviorContext* context, RakNet::BitStre
// TODO // TODO
} }
void SwitchMultipleBehavior::Load() void SwitchMultipleBehavior::Load() {
{ auto result = CDClientDatabase::ExecuteQueryWithArgs(
const auto b = std::to_string(this->m_behaviorId); "SELECT replace(bP1.parameterID, 'behavior ', '') as key, bP1.value as behavior, "
std::stringstream query; "(select bP2.value FROM BehaviorParameter bP2 WHERE bP2.behaviorID = %u AND bP2.parameterID LIKE 'value %' "
query << "SELECT replace(bP1.parameterID, 'behavior ', '') as key, bP1.value as behavior, " "AND replace(bP1.parameterID, 'behavior ', '') = replace(bP2.parameterID, 'value ', '')) as value "
<< "(select bP2.value FROM BehaviorParameter bP2 WHERE bP2.behaviorID = " << b << " AND bP2.parameterID LIKE 'value %' " "FROM BehaviorParameter bP1 WHERE bP1.behaviorID = %u AND bP1.parameterID LIKE 'behavior %';",
<< "AND replace(bP1.parameterID, 'behavior ', '') = replace(bP2.parameterID, 'value ', '')) as value " this->m_behaviorId, this->m_behaviorId);
<< "FROM BehaviorParameter bP1 WHERE bP1.behaviorID = " << b << " AND bP1.parameterID LIKE 'behavior %'";
auto result = CDClientDatabase::ExecuteQuery(query.str());
while (!result.eof()) { while (!result.eof()) {
const auto behavior_id = static_cast<uint32_t>(result.getFloatField(1)); const auto behavior_id = static_cast<uint32_t>(result.getFloatField(1));
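Review bot: The `LIKE 'value %'` and `LIKE 'behavior %'` patterns in Load() now sit inside a format string with their `%` unescaped, unlike the `'%%%d%%'` pattern this commit uses in InventoryComponent::CheckItemSet. If ExecuteQueryWithArgs is printf-style, as that escaping suggests, the sequences starting at each bare `%` are parsed as conversion specifications, which is undefined behaviour and can consume or misread the two `this->m_behaviorId` arguments. Write them as `LIKE 'value %%'` and `LIKE 'behavior %%'`. The loop over `result` continues outside the hunk.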


@ -35,11 +35,9 @@ BaseCombatAIComponent::BaseCombatAIComponent(Entity* parent, const uint32_t id)
m_SoftTimer = 5.0f; m_SoftTimer = 5.0f;
//Grab the aggro information from BaseCombatAI: //Grab the aggro information from BaseCombatAI:
std::stringstream componentQuery; auto componentResult = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT aggroRadius, tetherSpeed, pursuitSpeed, softTetherRadius, hardTetherRadius FROM BaseCombatAIComponent WHERE id = %u;",
componentQuery << "SELECT aggroRadius, tetherSpeed, pursuitSpeed, softTetherRadius, hardTetherRadius FROM BaseCombatAIComponent WHERE id = " << std::to_string(id); id);
auto componentResult = CDClientDatabase::ExecuteQuery(componentQuery.str());
if (!componentResult.eof()) if (!componentResult.eof())
{ {
@ -64,12 +62,9 @@ BaseCombatAIComponent::BaseCombatAIComponent(Entity* parent, const uint32_t id)
/* /*
* Find skills * Find skills
*/ */
auto result = CDClientDatabase::ExecuteQueryWithArgs(
std::stringstream query; "SELECT skillID, cooldown, behaviorID FROM SkillBehavior WHERE skillID IN (SELECT skillID FROM ObjectSkills WHERE objectTemplate = %d);",
parent->GetLOT());
query << "SELECT skillID, cooldown, behaviorID FROM SkillBehavior WHERE skillID IN (SELECT skillID FROM ObjectSkills WHERE objectTemplate = " << std::to_string(parent->GetLOT()) << " )";
auto result = CDClientDatabase::ExecuteQuery(query.str());
while (!result.eof()) { while (!result.eof()) {
const auto skillId = static_cast<uint32_t>(result.getIntField(0)); const auto skillId = static_cast<uint32_t>(result.getIntField(0));


@ -371,11 +371,9 @@ const std::vector<BuffParameter>& BuffComponent::GetBuffParameters(int32_t buffI
return pair->second; return pair->second;
} }
std::stringstream query; auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT * FROM BuffParameters WHERE BuffID = %d;",
query << "SELECT * FROM BuffParameters WHERE BuffID = " << std::to_string(buffId) << ";"; buffId);
auto result = CDClientDatabase::ExecuteQuery(query.str());
std::vector<BuffParameter> parameters {}; std::vector<BuffParameter> parameters {};


@ -373,11 +373,8 @@ void DestroyableComponent::AddFaction(const int32_t factionID, const bool ignore
m_FactionIDs.push_back(factionID); m_FactionIDs.push_back(factionID);
m_DirtyHealth = true; m_DirtyHealth = true;
std::stringstream query; auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT enemyList FROM Factions WHERE faction = %d;", factionID);
query << "SELECT enemyList FROM Factions WHERE faction = " << std::to_string(factionID);
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof()) return; if (result.eof()) return;


@ -1136,22 +1136,18 @@ bool InventoryComponent::IsEquipped(const LOT lot) const
return false; return false;
} }
void InventoryComponent::CheckItemSet(const LOT lot) void InventoryComponent::CheckItemSet(const LOT lot) {
{
// Check if the lot is in the item set cache // Check if the lot is in the item set cache
if (std::find(m_ItemSetsChecked.begin(), m_ItemSetsChecked.end(), lot) != m_ItemSetsChecked.end()) if (std::find(m_ItemSetsChecked.begin(), m_ItemSetsChecked.end(), lot) != m_ItemSetsChecked.end()) {
{
return; return;
} }
std::stringstream query; std::cout << "INVENTORY CHECK" << std::endl;
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT setID FROM ItemSets WHERE itemIDs LIKE '%%%d%%';",
lot);
query << "SELECT setID FROM ItemSets WHERE itemIDs LIKE '%" << std::to_string(lot) << "%'"; while (!result.eof()) {
auto result = CDClientDatabase::ExecuteQuery(query.str());
while (!result.eof())
{
const auto id = result.getIntField(0); const auto id = result.getIntField(0);
bool found = false; bool found = false;
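Review bot: `std::cout << "INVENTORY CHECK" << std::endl;` in CheckItemSet looks like leftover debug output; it writes to stdout and flushes for every uncached lot, bypassing the `Game::logger` used elsewhere in this commit. Drop the line, or log through the logger if the trace is wanted. Separately, `LIKE '%%%d%%'` keeps the old substring match, so a lot such as 12 also matches an `itemIDs` value containing 123 (constructed example); the loop body outside the hunk may filter that, but a short comment saying so would help.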


@ -450,11 +450,8 @@ const std::vector<uint32_t>& MissionComponent::QueryAchievements(MissionTaskType
} }
bool MissionComponent::RequiresItem(const LOT lot) { bool MissionComponent::RequiresItem(const LOT lot) {
std::stringstream query; auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT type FROM Objects WHERE id = %d;", lot);
query << "SELECT type FROM Objects WHERE id = " << std::to_string(lot);
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof()) { if (result.eof()) {
return false; return false;


@ -166,13 +166,10 @@ void PetComponent::OnUse(Entity* originator)
std::string buildFile; std::string buildFile;
if (cached == buildCache.end()) if (cached == buildCache.end()) {
{ auto result = CDClientDatabase::ExecuteQueryWithArgs(
std::stringstream query; "SELECT ValidPiecesLXF, PuzzleModelLot, Timelimit, NumValidPieces, imagCostPerBuild FROM TamingBuildPuzzles WHERE NPCLot = %d;",
m_Parent->GetLOT());
query << "SELECT ValidPiecesLXF, PuzzleModelLot, Timelimit, NumValidPieces, imagCostPerBuild FROM TamingBuildPuzzles WHERE NPCLot = " << std::to_string(m_Parent->GetLOT()) << ";";
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof()) if (result.eof())
{ {


@ -40,11 +40,9 @@ PropertyManagementComponent::PropertyManagementComponent(Entity* parent) : Compo
const auto zoneId = worldId.GetMapID(); const auto zoneId = worldId.GetMapID();
const auto cloneId = worldId.GetCloneID(); const auto cloneId = worldId.GetCloneID();
std::stringstream query; auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT id FROM PropertyTemplate WHERE mapID = %d;",
query << "SELECT id FROM PropertyTemplate WHERE mapID = " << std::to_string(zoneId) << ";"; (int) zoneId);
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof() || result.fieldIsNull(0)) if (result.eof() || result.fieldIsNull(0))
{ {
@ -98,11 +96,9 @@ std::vector<NiPoint3> PropertyManagementComponent::GetPaths() const
{ {
const auto zoneId = dZoneManager::Instance()->GetZone()->GetWorldID(); const auto zoneId = dZoneManager::Instance()->GetZone()->GetWorldID();
std::stringstream query {}; auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT path FROM PropertyTemplate WHERE mapID = %u;",
query << "SELECT path FROM PropertyTemplate WHERE mapID = " << std::to_string(zoneId) << ";"; zoneId);
auto result = CDClientDatabase::ExecuteQuery(query.str());
std::vector<NiPoint3> paths {}; std::vector<NiPoint3> paths {};
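Review bot: The two `mapID` lookups here disagree on how the id is passed: the constructor uses `%d` with `(int) zoneId`, while GetPaths() uses `%u` with an uncast `zoneId` taken from `GetWorldID()`. The same split appears in GameMessages::HandleBBBSaveRequest (`%d`, `(int)`) and in HandlePacket (`%u`, uncast). Variadic arguments are not type-checked, so a `zoneId` whose promoted type is not `unsigned int` is read incorrectly; the return types of `GetMapID()` and `GetWorldID()` are not visible in this diff. Pick one form and make the conversion explicit, e.g. `static_cast<unsigned int>(zoneId)` with `%u`, instead of the C-style `(int)` cast.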


@ -18,11 +18,9 @@
#include "PacketUtils.h" #include "PacketUtils.h"
RocketLaunchpadControlComponent::RocketLaunchpadControlComponent(Entity* parent, int rocketId) : Component(parent) { RocketLaunchpadControlComponent::RocketLaunchpadControlComponent(Entity* parent, int rocketId) : Component(parent) {
std::stringstream query; auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT targetZone, defaultZoneID, targetScene, altLandingPrecondition, altLandingSpawnPointName FROM RocketLaunchpadControlComponent WHERE id = %d;",
query << "SELECT targetZone, defaultZoneID, targetScene, altLandingPrecondition, altLandingSpawnPointName FROM RocketLaunchpadControlComponent WHERE id = " << std::to_string(rocketId); rocketId);
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (!result.eof() && !result.fieldIsNull(0)) if (!result.eof() && !result.fieldIsNull(0))
{ {


@ -86,14 +86,11 @@ void SkillComponent::SyncPlayerProjectile(const LWOOBJID projectileId, RakNet::B
const auto sync_entry = this->m_managedProjectiles.at(index); const auto sync_entry = this->m_managedProjectiles.at(index);
std::stringstream query; auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = %d);",
sync_entry.lot);
query << "SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = " << std::to_string(sync_entry.lot) << ")"; if (result.eof()) {
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof())
{
Game::logger->Log("SkillComponent", "Failed to find skill id for (%i)!\n", sync_entry.lot); Game::logger->Log("SkillComponent", "Failed to find skill id for (%i)!\n", sync_entry.lot);
return; return;
@ -428,8 +425,7 @@ void SkillComponent::SyncProjectileCalculation(const ProjectileSyncEntry& entry)
{ {
auto* other = EntityManager::Instance()->GetEntity(entry.branchContext.target); auto* other = EntityManager::Instance()->GetEntity(entry.branchContext.target);
if (other == nullptr) if (other == nullptr) {
{
if (entry.branchContext.target != LWOOBJID_EMPTY) if (entry.branchContext.target != LWOOBJID_EMPTY)
{ {
Game::logger->Log("SkillComponent", "Invalid projectile target (%llu)!\n", entry.branchContext.target); Game::logger->Log("SkillComponent", "Invalid projectile target (%llu)!\n", entry.branchContext.target);
@ -438,14 +434,11 @@ void SkillComponent::SyncProjectileCalculation(const ProjectileSyncEntry& entry)
return; return;
} }
std::stringstream query; auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = %d);",
entry.lot);
query << "SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = " << std::to_string(entry.lot) << ")"; if (result.eof()) {
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof())
{
Game::logger->Log("SkillComponent", "Failed to find skill id for (%i)!\n", entry.lot); Game::logger->Log("SkillComponent", "Failed to find skill id for (%i)!\n", entry.lot);
return; return;
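Review bot: SyncPlayerProjectile and SyncProjectileCalculation now carry the same query string and the same `result.eof()` failure log, so the two copies can drift apart. A small private helper that takes the LOT and returns the behavior id would keep the format string and its `%d` argument in one place. The scalar subquery in `skillID = (SELECT skillID FROM ObjectSkills …)` can match several rows for one `objectTemplate`, in which case SQLite compares against only the first; a comment stating that one skill per projectile LOT is expected would document this. Both function bodies continue outside the hunks.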


@ -2509,11 +2509,9 @@ void GameMessages::HandleBBBSaveRequest(RakNet::BitStream* inStream, Entity* ent
const auto zoneId = worldId.GetMapID(); const auto zoneId = worldId.GetMapID();
const auto cloneId = worldId.GetCloneID(); const auto cloneId = worldId.GetCloneID();
std::stringstream query; auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT id FROM PropertyTemplate WHERE mapID = %d;",
query << "SELECT id FROM PropertyTemplate WHERE mapID = " << std::to_string(zoneId) << ";"; (int) zoneId);
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof() || result.fieldIsNull(0)) { if (result.eof() || result.fieldIsNull(0)) {
return; return;


@ -386,11 +386,9 @@ void Item::DisassembleModel()
const auto componentId = table->GetByIDAndType(GetLot(), COMPONENT_TYPE_RENDER); const auto componentId = table->GetByIDAndType(GetLot(), COMPONENT_TYPE_RENDER);
std::stringstream query; auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT render_asset FROM RenderComponent WHERE id = %d;",
query << "SELECT render_asset FROM RenderComponent WHERE id = " << std::to_string(componentId) << ";"; componentId);
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof()) if (result.eof())
{ {


@ -15,13 +15,10 @@
std::map<uint32_t, Precondition*> Preconditions::cache = {}; std::map<uint32_t, Precondition*> Preconditions::cache = {};
Precondition::Precondition(const uint32_t condition) Precondition::Precondition(const uint32_t condition) {
{ auto result = CDClientDatabase::ExecuteQueryWithArgs(
std::stringstream query; "SELECT type, targetLOT, targetCount FROM Preconditions WHERE id = %u;",
condition);
query << "SELECT type, targetLOT, targetCount FROM Preconditions WHERE id = " << std::to_string(condition) << ";";
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof()) if (result.eof())
{ {


@ -1059,11 +1059,9 @@ void HandlePacket(Packet* packet) {
const auto zoneId = Game::server->GetZoneID(); const auto zoneId = Game::server->GetZoneID();
const auto cloneId = g_CloneID; const auto cloneId = g_CloneID;
std::stringstream query; auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT id FROM PropertyTemplate WHERE mapID = %u;",
query << "SELECT id FROM PropertyTemplate WHERE mapID = " << std::to_string(zoneId) << ";"; zoneId);
auto result = CDClientDatabase::ExecuteQuery(query.str());
if (result.eof() || result.fieldIsNull(0)) { if (result.eof() || result.fieldIsNull(0)) {
Game::logger->Log("WorldServer", "No property templates found for zone %d, not sending BBB\n", zoneId); Game::logger->Log("WorldServer", "No property templates found for zone %d, not sending BBB\n", zoneId);


@ -26,8 +26,9 @@ void dZoneManager::Initialize(const LWOZONEID& zoneID) {
LOT zoneControlTemplate = 2365; LOT zoneControlTemplate = 2365;
std::stringstream query; auto result = CDClientDatabase::ExecuteQueryWithArgs(
auto result = CDClientDatabase::ExecuteQuery("SELECT zoneControlTemplate, ghostdistance_min, ghostdistance FROM ZoneTable WHERE zoneID = " + std::to_string(zoneID.GetMapID())); "SELECT zoneControlTemplate, ghostdistance_min, ghostdistance FROM ZoneTable WHERE zoneID = %d;",
(int) zoneID.GetMapID());
if (!result.eof()) { if (!result.eof()) {
zoneControlTemplate = result.getIntField("zoneControlTemplate", 2365); zoneControlTemplate = result.getIntField("zoneControlTemplate", 2365);