aleajactaest/khanat-opennel-code
1
0
Fork 0
mirror of https://port.numenaute.org/aleajactaest/khanat-opennel-code.git synced 2024-11-10 01:09:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed: Possible SQL injection, fixes #297

Browse source
This commit is contained in:
kervala 2016-10-18 17:44:47 +02:00
parent de1b1e67fa
commit e1b69cd9a7
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
code/ryzom/server/src/monitor_service/service_main.cpp
View file

@ -379,8 +379,12 @@ void clientAuthentication(CMessage &msgin, TSockId from, CCallbackNetBase &netba
{ {
if (!Clients[i]->BadLogin) // don't allow new login attempt while thisflag is set if (!Clients[i]->BadLogin) // don't allow new login attempt while thisflag is set
{ {
// escape login
char esccapedLogin[100];
size_t len = mysql_real_escape_string(DatabaseConnection, esccapedLogin, login.c_str(), login.length());
// make a db request to to db to see if password is valid // make a db request to to db to see if password is valid
std::string queryStr = toString("SELECT Password FROM user where Login='%s'", login.c_str()); std::string queryStr = toString("SELECT Password FROM user where Login='%s'", esccapedLogin);
int result = mysql_query(DatabaseConnection, queryStr.c_str()); int result = mysql_query(DatabaseConnection, queryStr.c_str());
if (result == 0) if (result == 0)
{ {