Fixed incorrect escaping in clientprefs SQLite queries (bug 3904, r+a12=pred).
This commit is contained in:
David Anderson
parent
b11f597521
commit
008e98d980
@ -175,7 +175,7 @@ bool TQueryOp::BindParamsAndRun()
|
|||||||
UTIL_Format(query,
|
UTIL_Format(query,
|
||||||
sizeof(query),
|
sizeof(query),
|
||||||
"INSERT OR IGNORE INTO sm_cookies (name, description, access) \
|
"INSERT OR IGNORE INTO sm_cookies (name, description, access) \
|
||||||
VALUES (\"%s\", \"%s\", %d)",
|
VALUES ('%s', '%s', %d)",
|
||||||
safe_name,
|
safe_name,
|
||||||
safe_desc,
|
safe_desc,
|
||||||
m_params.cookie->access);
|
m_params.cookie->access);
|
||||||
@ -204,7 +204,7 @@ bool TQueryOp::BindParamsAndRun()
|
|||||||
FROM sm_cookies \
|
FROM sm_cookies \
|
||||||
JOIN sm_cookie_cache \
|
JOIN sm_cookie_cache \
|
||||||
ON sm_cookies.id = sm_cookie_cache.cookie_id \
|
ON sm_cookies.id = sm_cookie_cache.cookie_id \
|
||||||
WHERE player = \"%s\"",
|
WHERE player = '%s'",
|
||||||
safe_str);
|
safe_str);
|
||||||
|
|
||||||
m_pResult = m_database->DoQuery(query);
|
m_pResult = m_database->DoQuery(query);
|
||||||
@ -247,7 +247,7 @@ bool TQueryOp::BindParamsAndRun()
|
|||||||
sizeof(query),
|
sizeof(query),
|
||||||
"INSERT OR REPLACE INTO sm_cookie_cache \
|
"INSERT OR REPLACE INTO sm_cookie_cache \
|
||||||
(player, cookie_id, value, timestamp) \
|
(player, cookie_id, value, timestamp) \
|
||||||
VALUES (\"%s\", %d, \"%s\", %d)",
|
VALUES ('%s', %d, '%s', %d)",
|
||||||
safe_id,
|
safe_id,
|
||||||
m_params.cookieId,
|
m_params.cookieId,
|
||||||
safe_val,
|
safe_val,
|
||||||
@ -276,7 +276,7 @@ bool TQueryOp::BindParamsAndRun()
|
|||||||
|
|
||||||
UTIL_Format(query,
|
UTIL_Format(query,
|
||||||
sizeof(query),
|
sizeof(query),
|
||||||
"SELECT id FROM sm_cookies WHERE name = \"%s\"",
|
"SELECT id FROM sm_cookies WHERE name = '%s'",
|
||||||
safe_name);
|
safe_name);
|
||||||
|
|
||||||
m_pResult = m_database->DoQuery(query);
|
m_pResult = m_database->DoQuery(query);
|
||||||
|
|||||||
@ -288,6 +288,10 @@ native bool:SQL_GetError(Handle:hndl, String:error[], maxlength);
|
|||||||
* characters are safely escaped according to the database engine and
|
* characters are safely escaped according to the database engine and
|
||||||
* the database's character set.
|
* the database's character set.
|
||||||
*
|
*
|
||||||
|
* NOTE: SourceMod only guarantees properly escaped strings when the query
|
||||||
|
* encloses the string in ''. While drivers tend to allow " instead, the string
|
||||||
|
* may be not be escaped (for example, on SQLite)!
|
||||||
|
*
|
||||||
* @param hndl A database Handle.
|
* @param hndl A database Handle.
|
||||||
* @param string String to quote.
|
* @param string String to quote.
|
||||||
* @param buffer Buffer to store quoted string in.
|
* @param buffer Buffer to store quoted string in.
|
||||||
|
|||||||
@ -9,14 +9,14 @@ new Handle:g_Cookie5;
|
|||||||
|
|
||||||
public OnPluginStart()
|
public OnPluginStart()
|
||||||
{
|
{
|
||||||
g_Cookie = RegClientCookie("test-cookie", "A basic testing cookie", CookieAccess_Public);
|
g_Cookie = RegClientCookie("test-cookie'", "A basic 'testing cookie", CookieAccess_Public);
|
||||||
g_Cookie2 = RegClientCookie("test-cookie2", "A basic testing cookie", CookieAccess_Protected);
|
g_Cookie2 = RegClientCookie("test-cookie2\"", "\"A basic testing cookie", CookieAccess_Protected);
|
||||||
g_Cookie3 = RegClientCookie("test-cookie3", "A basic testing cookie", CookieAccess_Public);
|
g_Cookie3 = RegClientCookie("test-cookie3", "A basic testing cookie", CookieAccess_Public);
|
||||||
g_Cookie4 = RegClientCookie("test-cookie4", "A basic testing cookie", CookieAccess_Private);
|
g_Cookie4 = RegClientCookie("test-cookie4", "A basic testing cookie", CookieAccess_Private);
|
||||||
|
|
||||||
g_Cookie5 = RegClientCookie("test-cookie5", "A basic testing cookie", CookieAccess_Public);
|
g_Cookie5 = RegClientCookie("test-cookie5", "A basic testing cookie", CookieAccess_Public);
|
||||||
|
|
||||||
SetCookiePrefabMenu(g_Cookie, CookieMenu_YesNo, "Cookie 1", CookieSelected, any:g_Cookie);
|
SetCookiePrefabMenu(g_Cookie, CookieMenu_YesNo, "Cookie '1", CookieSelected, any:g_Cookie);
|
||||||
SetCookiePrefabMenu(g_Cookie2, CookieMenu_YesNo_Int, "Cookie 2");
|
SetCookiePrefabMenu(g_Cookie2, CookieMenu_YesNo_Int, "Cookie 2");
|
||||||
SetCookiePrefabMenu(g_Cookie3, CookieMenu_OnOff, "Cookie 3");
|
SetCookiePrefabMenu(g_Cookie3, CookieMenu_OnOff, "Cookie 3");
|
||||||
SetCookiePrefabMenu(g_Cookie4, CookieMenu_OnOff_Int, "Cookie 4");
|
SetCookiePrefabMenu(g_Cookie4, CookieMenu_OnOff_Int, "Cookie 4");
|
||||||
@ -55,7 +55,7 @@ public OnClientCookiesCached(client)
|
|||||||
new String:hi[100];
|
new String:hi[100];
|
||||||
GetClientCookie(client, g_Cookie, hi, sizeof(hi));
|
GetClientCookie(client, g_Cookie, hi, sizeof(hi));
|
||||||
LogMessage("Test: %s",hi);
|
LogMessage("Test: %s",hi);
|
||||||
SetClientCookie(client, g_Cookie, "somethingsomething");
|
SetClientCookie(client, g_Cookie, "somethingsomething'");
|
||||||
GetClientCookie(client, g_Cookie, hi, sizeof(hi));
|
GetClientCookie(client, g_Cookie, hi, sizeof(hi));
|
||||||
LogMessage("Test: %s",hi);
|
LogMessage("Test: %s",hi);
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user