Implementing TGSQL security

2025-12-10 18:22:39 +00:00 · 2021-01-27 10:51:12 -08:00
parent e3a5367009
commit 00bc513e6e
19 changed files with 228 additions and 118 deletions
--- a/code/controllers/subsystems/dbcore.dm
+++ b/code/controllers/subsystems/dbcore.dm
@@ -22,6 +22,8 @@ SUBSYSTEM_DEF(dbcore)
 	for(var/I in active_queries)
 		var/DBQuery/Q = I
 		if(world.time - Q.last_activity_time > (5 MINUTES))
+			message_admins("Found undeleted query, please check the server logs and notify coders.")
+			log_debug("Undeleted query: \"[Q.sql]\" LA: [Q.last_activity] LAT: [Q.last_activity_time]")
 			qdel(Q)
 		if(MC_TICK_CHECK)
 			return
--- a/code/controllers/subsystems/persist_vr.dm
+++ b/code/controllers/subsystems/persist_vr.dm
@@ -84,10 +84,11 @@ SUBSYSTEM_DEF(persist)
 		var/sql_dpt = sql_sanitize_text(department_earning)
 		var/sql_bal = text2num("[C.department_hours[department_earning]]")
 		var/sql_total = text2num("[C.play_hours[department_earning]]")
-		var/DBQuery/query = SSdbcore.NewQuery("INSERT INTO vr_player_hours (ckey, department, hours, total_hours) VALUES ('[sql_ckey]', '[sql_dpt]', [sql_bal], [sql_total]) ON DUPLICATE KEY UPDATE hours = VALUES(hours), total_hours = VALUES(total_hours)") //CHOMPEdit TGSQL
+		var/list/sqlargs = list("t_ckey" = sql_ckey, "t_department" = sql_dpt) //CHOMPEdit TGSQL
+		var/DBQuery/query = SSdbcore.NewQuery("INSERT INTO vr_player_hours (ckey, department, hours, total_hours) VALUES (:t_ckey, :t_department, [sql_bal], [sql_total]) ON DUPLICATE KEY UPDATE hours = VALUES(hours), total_hours = VALUES(total_hours)", sqlargs) //CHOMPEdit TGSQL
 		if(!query.Execute())	//CHOMPEdit
 			log_admin(query.ErrorMsg())	//CHOMPEdit
-
+		qdel(query) //CHOMPEdit TGSQL
 		if (MC_TICK_CHECK)
 			return