[C++]DBMANAGER_SQL_INJECT_FIX


Petrinel

Caută în db.cpp:

Cod:
// Formats a printf-style query into a 4096-byte stack buffer and passes it to
// m_sql.AsyncQuery(), keeping only the text before the first ';'.
// NOTE(review): cutting at ';' only stops a second, stacked statement from
// being sent. Injection that stays inside the first statement is not affected,
// and a legitimate statement whose string value contains ';' is cut as well.
// Values still have to be escaped or bound where the query text is built.
void DBManager::Query(const char * c_pszFormat, ...)
{
    char szQuery[4096];
    va_list args;
    va_start(args, c_pszFormat);
    // The return value of vsnprintf is ignored, so a statement longer than the
    // buffer is sent truncated without any error.
    vsnprintf(szQuery, sizeof(szQuery), c_pszFormat, args);
    va_end(args);
    std::string sQuery(szQuery);
    // find_first_of returns an unsigned size type; comparing it with -1 works only
    // because -1 converts to the largest value of that type, which is what
    // std::string::npos is. Compilers report this as a signed/unsigned comparison.
    m_sql.AsyncQuery(sQuery.substr(0,sQuery.find_first_of(";")==-1?sQuery.length(): sQuery.find_first_of(";")).c_str());
}

// Formats a printf-style query into a 4096-byte stack buffer, keeps only the
// text before the first ';' and returns whatever m_sql_direct.DirectQuery()
// returns for it.
// NOTE(review): cutting at ';' only stops a second, stacked statement from
// being sent. Injection that stays inside the first statement is not affected,
// and a legitimate statement whose string value contains ';' is cut as well.
// Values still have to be escaped or bound where the query text is built.
SQLMsg * DBManager::DirectQuery(const char * c_pszFormat, ...)
{
    char szQuery[4096];
    va_list args;
    va_start(args, c_pszFormat);
    // The return value of vsnprintf is ignored, so a statement longer than the
    // buffer is sent truncated without any error.
    vsnprintf(szQuery, sizeof(szQuery), c_pszFormat, args);
    va_end(args);
    std::string sQuery(szQuery);
    // Comparing the unsigned result of find_first_of with -1 works only because
    // -1 converts to the largest value of that type (std::string::npos).
    return m_sql_direct.DirectQuery(sQuery.substr(0, sQuery.find_first_of(";") == -1 ? sQuery.length() :            sQuery.find_first_of(";")).c_str());
}

Și înlocuiește tot cu:

Cod:
#ifdef ENABLE_DBMANAGER_SQL_INJECT_FIX
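/// Formats a printf-style SQL statement and queues it on the asynchronous connection.
///
/// Hardening applied here:
///  - only the text before the first ';' is sent, so a second, stacked statement
///    appended to the query never reaches the server;
///  - a statement that fails to format or does not fit the buffer is dropped
///    instead of being sent truncated (a cut-off statement can lose its WHERE
///    clause or end inside a quoted value).
///
/// Limits: cutting at ';' does nothing against injection that stays inside the
/// first statement, and it also cuts legitimate statements whose string values
/// contain ';'. Every value placed into the format arguments still has to be
/// escaped or bound by the caller.
///
/// @param c_pszFormat printf-style format string; it must be a program constant,
///                    never text received from a client.
void DBManager::Query(const char * c_pszFormat, ...)
{
    char szQuery[4096];

    va_list args;
    va_start(args, c_pszFormat);
    const int iLen = vsnprintf(szQuery, sizeof(szQuery), c_pszFormat, args);
    va_end(args);

    // Negative: formatting error (some older runtimes also report truncation this way).
    // >= sizeof: the statement did not fit and szQuery holds only a prefix of it.
    if (iLen < 0 || static_cast<size_t>(iLen) >= sizeof(szQuery))
    {
        fprintf(stderr, "DBManager::Query: query dropped (format error or longer than %u bytes)\n",
                static_cast<unsigned>(sizeof(szQuery) - 1));
        return;
    }

    const std::string sQuery(szQuery);
    // find() yields npos when there is no ';', and substr(0, npos) is the whole string.
    m_sql.AsyncQuery(sQuery.substr(0, sQuery.find(';')).c_str());
}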

/// Formats a printf-style SQL statement, keeps only the text before the first
/// ';' and runs it through m_sql_direct.DirectQuery().
///
/// Cutting at ';' keeps a second, stacked statement from reaching the server.
/// It does nothing against injection that stays inside the first statement, and
/// it also cuts legitimate statements whose string values contain ';'. Values
/// placed into the format arguments still have to be escaped or bound by the
/// caller.
///
/// NOTE(review): the result of vsnprintf is not checked, so a statement longer
/// than the buffer is executed truncated. Rejecting it here needs a failure
/// return value that callers tolerate; confirm whether they handle a null
/// SQLMsg* before adding that guard.
///
/// @param c_pszFormat printf-style format string; it must be a program constant,
///                    never text received from a client.
/// @return the value returned by m_sql_direct.DirectQuery().
SQLMsg * DBManager::DirectQuery(const char * c_pszFormat, ...)
{
    char szBuf[4096];

    va_list ap;
    va_start(ap, c_pszFormat);
    vsnprintf(szBuf, sizeof(szBuf), c_pszFormat, ap);
    va_end(ap);

    const std::string strStatement(szBuf);
    const std::string::size_type nCut = strStatement.find(';');

    // No ';' present: send the statement unchanged; otherwise send the part before it.
    const std::string strFirst = (nCut == std::string::npos) ? strStatement : strStatement.substr(0, nCut);

    return m_sql_direct.DirectQuery(strFirst.c_str());
}

#else
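/// Formats a printf-style SQL statement and queues it on the asynchronous
/// connection without any filtering of the statement text.
///
/// A statement that fails to format or does not fit the buffer is dropped
/// instead of being sent truncated (a cut-off statement can lose its WHERE
/// clause or end inside a quoted value).
///
/// Every value placed into the format arguments has to be escaped or bound by
/// the caller; nothing in this function protects against injection.
///
/// @param c_pszFormat printf-style format string; it must be a program constant,
///                    never text received from a client.
void DBManager::Query(const char * c_pszFormat, ...)
{
    char szQuery[4096];
    va_list args;

    va_start(args, c_pszFormat);
    const int iLen = vsnprintf(szQuery, sizeof(szQuery), c_pszFormat, args);
    va_end(args);

    // Negative: formatting error (some older runtimes also report truncation this way).
    // >= sizeof: the statement did not fit and szQuery holds only a prefix of it.
    if (iLen < 0 || static_cast<size_t>(iLen) >= sizeof(szQuery))
    {
        fprintf(stderr, "DBManager::Query: query dropped (format error or longer than %u bytes)\n",
                static_cast<unsigned>(sizeof(szQuery) - 1));
        return;
    }

    m_sql.AsyncQuery(szQuery);
}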


/// Formats a printf-style SQL statement and runs it through
/// m_sql_direct.DirectQuery() without any filtering of the statement text.
///
/// Every value placed into the format arguments has to be escaped or bound by
/// the caller; nothing in this function protects against injection.
///
/// NOTE(review): the result of vsnprintf is not checked, so a statement longer
/// than the buffer is executed truncated. Rejecting it here needs a failure
/// return value that callers tolerate; confirm whether they handle a null
/// SQLMsg* before adding that guard.
///
/// @param c_pszFormat printf-style format string; it must be a program constant,
///                    never text received from a client.
/// @return the value returned by m_sql_direct.DirectQuery().
SQLMsg * DBManager::DirectQuery(const char * c_pszFormat, ...)
{
    char szBuf[4096];

    va_list ap;
    va_start(ap, c_pszFormat);
    vsnprintf(szBuf, sizeof(szBuf), c_pszFormat, ap);
    va_end(ap);

    SQLMsg * const pkMsg = m_sql_direct.DirectQuery(szBuf);
    return pkMsg;
}
#endif

Și în service.h adaugă:
Cod:
// Selects the DBManager::Query / DBManager::DirectQuery variants that send only
// the text before the first ';' of each statement.
// NOTE(review): this blocks stacked statements only; it does not replace
// escaping or binding of values where the query text is built.
#define ENABLE_DBMANAGER_SQL_INJECT_FIX
 