From 8a89576a13de4ac15de278775ba51d8039661e9d Mon Sep 17 00:00:00 2001
From: kaenganxt <kaenganxt@yahoo.de>
Date: Fri, 26 Dec 2014 21:30:47 +0100
Subject: [PATCH] Fix sql injection in bug command

---
 src/de/anura/core/API/Errors.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/de/anura/core/API/Errors.java b/src/de/anura/core/API/Errors.java
index c5355c2..bc7c205 100644
--- a/src/de/anura/core/API/Errors.java
+++ b/src/de/anura/core/API/Errors.java
@@ -49,7 +49,7 @@ public class Errors {
         for(Entry<String, Object> date : data) {
             dataText += date.getKey() + ":" + date.getValue().toString() + ";";
         }
-        Core.getMySql().queryUpdate("INSERT INTO serverBugs(player, msg, data, timestamp) VALUES ((SELECT id FROM players WHERE uuid = '" + uuid.toString() + "'), '" + msg + "', '" + dataText + "', '" + System.currentTimeMillis() / 1000 + "')");
+        Core.getMySql().queryUpdate("INSERT INTO serverBugs(player, msg, data, timestamp) VALUES ((SELECT id FROM players WHERE uuid = '" + uuid.toString() + "'), '" + Core.getMySql().escapeString(msg) + "', '" + dataText + "', '" + System.currentTimeMillis() / 1000 + "')");
     }
     
     public static Entry<String, Object> make(String key, Object value) {