Anura/AnuraCore
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix sql injection in bug command

Browse Source
This commit is contained in:
kaenganxt
2014-12-26 21:30:47 +01:00
parent 029eab9f93
commit 8a89576a13
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/de/anura/core/API/Errors.java
View File

@@ -49,7 +49,7 @@ public class Errors {
for(Entry<String, Object> date : data) { for(Entry<String, Object> date : data) {
dataText += date.getKey() + ":" + date.getValue().toString() + ";"; dataText += date.getKey() + ":" + date.getValue().toString() + ";";
} }
Core.getMySql().queryUpdate("INSERT INTO serverBugs(player, msg, data, timestamp) VALUES ((SELECT id FROM players WHERE uuid = '" + uuid.toString() + "'), '" + msg + "', '" + dataText + "', '" + System.currentTimeMillis() / 1000 + "')"); Core.getMySql().queryUpdate("INSERT INTO serverBugs(player, msg, data, timestamp) VALUES ((SELECT id FROM players WHERE uuid = '" + uuid.toString() + "'), '" + Core.getMySql().escapeString(msg) + "', '" + dataText + "', '" + System.currentTimeMillis() / 1000 + "')");
} }
public static Entry<String, Object> make(String key, Object value) { public static Entry<String, Object> make(String key, Object value) {