fix Fix SQL Inject net.SendAnswerMakeGuildPacket

[100%]

This code makes corrections in the way guild names are processed before being stored in the database. Here are the changes it introduces:

Original Code: The initial portion of the code checked if the guild name met specific requirements using the check_name(gcp.name) function. If the name didn't meet the requirements, a message was sent to the guild master, and the guild creation process was halted.

Added Code: In the added code segment, the DBManager::instance().EscapeString() function is utilized. This function secures the guild name against SQL Injection attacks. The name is processed through this function and then compared with the original name (__guild_name). If the processed name differs from the original, it indicates that it contained special characters that were properly secured before being stored in the database. In such a case, the function returns 0, meaning the guild creation process is aborted.

These changes aim to prevent SQL Injection attacks that could occur if the guild name contained special characters not correctly secured before being stored in the database. Without proper protection, an attacker could inject malicious SQL code that would execute during an attempt to write to the database, posing a significant security threat to the application. Properly escaping the guild name before storing it in the database helps minimize this risk.

 

game -> guild_manager.cpp

Find:

This is the hidden content, please

• Sign In
• or
• Sign Up

Add under:

This is the hidden content, please

• Sign In
• or
• Sign Up