Fix SQL inject guild si messenge

1. 1. Intrati in:
2. /usr/src/Sursa pe care o folositi/Server/game/src
3. 2. Intrati in messenger_manager.cpp si cautati:
4. void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
5. 3, Inlocuiti toata functia cu :
6.  
7. void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
8. {
9.     if (companion.empty())
10.         return;
11.  
12.  
13.     // fix
14.     if (m_Relation[account].find(companion) == m_Relation[account].end() || m_InverseRelation[companion].find(account) == m_InverseRelation[companion].end())
15.     {
16.         LPCHARACTER ch = CHARACTER_MANAGER::Instance().FindPC(account.c_str());
17.         if (ch)
18.         {
19.             sys_err("MessengerManager::RemoveFromList: %s tries to use messenger sql injection", ch->GetName());
20.             DBManager::Instance().DirectQuery("UPDATE account.account SET status = 'BAN' WHERE id = %u", ch->GetAID());
21.             if (ch->GetDesc())
22.                 ch->GetDesc()->DelayedDisconnect(3);
23.         }
24.         else
25.             sys_err("MessengerManager::RemoveFromList: Omg! The ghost tried to use this function!");
26.         return;
27.     }
28.  
29.  
30.     sys_log(1, "MessengerManager::RemoveFromList: Remove %s %s", account.c_str(), companion.c_str());
31.     DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'", get_table_postfix(), account.c_str(), companion.c_str());
32.     __RemoveFromList(account, companion);
33.     TPacketGGMessenger p2ppck;
34.     p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE;
35.     strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount));
36.     strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));;
37.     P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger));
38. }
39. 4, Salvati apoi intrati in guild_manager.cpp si cautati:
40. DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)
41. 5. Inlocuiti toata functia cu :
42. DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)
43. {
44.     if (!gcp.master)
45.         return 0;
46.  
47.  
48.     if (!check_name(gcp.name))
49.     {
50.         gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길ë“œ> 길ë“œ 이ë¦â€?이 ì í•©í•˜ì§â‚¬ ì•ŠìÅ µë‹ˆë‹¤."));
51.         return 0;
52.     }
53.     static char __escape_name[GUILD_NAME_MAX_LEN * 2 + 1];
54.     DBManager::instance().EscapeString(__escape_name, sizeof(__escape_name), static_cast<const char *>(gcp.name),
55.     sizeof(gcp.name));
56.     std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
57.                 get_table_postfix(), __escape_name));
58.  
59.  
60.     if (pmsg->Get()->uiNumRows > 0)
61.     {
62.         MYSQL_ROW row = mysql_fetch_row(pmsg->Get()->pSQLResult);
63.  
64.  
65.         if (!(row[0] && row[0][0] == '0'))
66.         {
67.             gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길ë“œ> 이미 ê°â„¢ìâ‚¬ 이ë¦â€?ìËœ 길ë“œê°â‚¬ ì?ˆìÅ µë‹ˆë‹¤."));
68.             return 0;
69.         }
70.     }
71.     else
72.     {
73.         gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길ë“œ> 길ë“œ를 ìÆ’ìâ€?±í•  ìˆ˜ ì—†ìÅ µë‹ˆë‹¤."));
74.         return 0;
75.     }
76.  
77.  
78.     // new CGuild(gcp) queries guild tables and tell dbcache to notice other game servers.
79.     // other game server calls CGuildManager::LoadGuild to load guild.
80.     CGuild * pg = M2_NEW CGuild(gcp);
81.     m_mapGuild.insert(std::make_pair(pg->GetID(), pg));
82.     return pg->GetID();
83. }