[FIX] SQL CSALÁS ELLEN!!

[huzsihun1997]

2089M DIFF:

Kód Kijelölés Kibont

game_2089M

0010F5C3: 31 EB
0010F5C4: C0 09



33820 DIFF: (DB DIFF NEM GAME DIFF!!)

Kód Kijelölés Kibont

This difference file is created by The Interactive Disassembler


db_r33820_32_u
000925A5: 01 00


34083 GAME DIFF

Kód Kijelölés Kibont

This difference file is created by The Interactive Disassembler


game_r34083_32
0040DFE5: 01 00

Forrás:

game/src messenger_manager.cpp

Kód Kijelölés Kibont

void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)

Kód Kijelölés Kibont


void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
{
    if (companion.size() == 0)
        return;


    sys_log(1, "Messenger Remove %s %s", account.c_str(), companion.c_str());
    DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'",
            get_table_postfix(), account.c_str(), companion.c_str());


    __RemoveFromList(account, companion);


    TPacketGGMessenger p2ppck;


    p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE;
    strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount));
    strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));
    P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger));
}

Kód Kijelölés Kibont


void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
{
    if (companion.empty())
        return;


    // Second fix
    if (m_Relation[account].find(companion) == m_Relation[account].end() || m_InverseRelation[companion].find(account) == m_InverseRelation[companion].end())
    {
        LPCHARACTER ch = CHARACTER_MANAGER::Instance().FindPC(account.c_str());
        if (ch)
        {
            sys_err("MessengerManager::RemoveFromList: %s tries to use messenger sql injection", ch->GetName());
            DBManager::Instance().DirectQuery("UPDATE account.account SET status = 'BAN' WHERE id = %u", ch->GetAID());
            if (ch->GetDesc())
                ch->GetDesc()->DelayedDisconnect(3);
        }
        else
            sys_err("MessengerManager::RemoveFromList: Omg! The ghost tried to use this function!");
        return;
    }


    sys_log(1, "MessengerManager::RemoveFromList: Remove %s %s", account.c_str(), companion.c_str());
    DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'", get_table_postfix(), account.c_str(), companion.c_str());
    __RemoveFromList(account, companion);
    TPacketGGMessenger p2ppck;
    p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE;
    strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount));
    strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));;
    P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger));
}
game/src guild_manager.cpp

Kód Kijelölés Kibont

DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)


Kód Kijelölés Kibont


DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)
{
    if (!gcp.master)
        return 0;


    if (!check_name(gcp.name))
    {
        gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길ë“Å"> 길ë“Å" 이ë¦â€žì´ ì í•©í•˜ì§â,¬ ì•ŠìÅ µë‹ˆë‹¤."));
        return 0;
    }


    std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
                get_table_postfix(), gcp.name));


    if (pmsg->Get()->uiNumRows > 0)
    {
        MYSQL_ROW row = mysql_fetch_row(pmsg->Get()->pSQLResult);


        if (!(row[0] && row[0][0] == '0'))
        {
            gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길ë“Å"> 이미 ê°â,,¢ìâ,¬ 이ë¦â€žìËœ 길ë“Å"ê°â,¬ ìžË†ìÅ µë‹ˆë‹¤."));
            return 0;
        }
    }
    else
    {
        gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길ë“Å"> 길ë“Å"를 ìÆ'ì„±í•  수 ìâ€"†ìÅ µë‹ˆë‹¤."));
        return 0;
    }


    // new CGuild(gcp) queries guild tables and tell dbcache to notice other game servers.
    // other game server calls CGuildManager::LoadGuild to load guild.
    CGuild * pg = M2_NEW CGuild(gcp);
    m_mapGuild.insert(std::make_pair(pg->GetID(), pg));
    return pg->GetID();
}

Kód Kijelölés Kibont


DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)
{
    if (!gcp.master)
        return 0;


    if (!check_name(gcp.name))
    {
        gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길ë“Å"> 길ë“Å" 이ë¦â€žì´ ì í•©í•˜ì§â,¬ ì•ŠìÅ µë‹ˆë‹¤."));
        return 0;
    }
    static char __escape_name[GUILD_NAME_MAX_LEN * 2 + 1];
    DBManager::instance().EscapeString(__escape_name, sizeof(__escape_name), static_cast<const char *>(gcp.name),
    sizeof(gcp.name));
    std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
                get_table_postfix(), __escape_name));


    if (pmsg->Get()->uiNumRows > 0)
    {
        MYSQL_ROW row = mysql_fetch_row(pmsg->Get()->pSQLResult);


        if (!(row[0] && row[0][0] == '0'))
        {
            gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길ë“Å"> 이미 ê°â,,¢ìâ,¬ 이ë¦â€žìËœ 길ë“Å"ê°â,¬ ìžË†ìÅ µë‹ˆë‹¤."));
            return 0;
        }
    }
    else
    {
        gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길ë“Å"> 길ë“Å"를 ìÆ'ì„±í•  수 ìâ€"†ìÅ µë‹ˆë‹¤."));
        return 0;
    }


    // new CGuild(gcp) queries guild tables and tell dbcache to notice other game servers.
    // other game server calls CGuildManager::LoadGuild to load guild.
    CGuild * pg = M2_NEW CGuild(gcp);
    m_mapGuild.insert(std::make_pair(pg->GetID(), pg));
    return pg->GetID();
}