TG: More SQL injection patches. Added a standardized method of SQL sanitization [sanitizeSQL()].
Corrected a href list vulnerability that let players spawn Arcane Tomes from
non-e-magged library computers.
Tweaked and disabled forum_activation.dm. Way too many SQL vulnerabilities to
justify keeping it around.
Revision: r3012
Author: only.lurking
This commit is contained in:
Ren Erthilo
2012-04-17 21:19:35 +01:00
parent 3b36e6b161
commit ccc5c217b7
3 changed files with 34 additions and 28 deletions


@@ -50,6 +50,12 @@
// - Books shouldn't print straight from the library computer. Make it synch with a machine like the book binder to print instead. This should consume some sort of resource.
// Run all strings to be used in an SQL query through this proc first to properly escape out injection attempts.
/proc/sanitizeSQL(var/t as text)
var/sanitized_text = dd_replacetext(t, "'", "\\'")
sanitized_text = dd_replacetext(sanitized_text, "\"", "\\\"")
return sanitized_text
/obj/structure/bookcase
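Review bot: sanitizeSQL() escapes `'` and `"` but never the backslash itself, so an input that already contains a backslash immediately before a quote (for example `\'`) is turned into `\\'`, where a backslash-escaping SQL dialect reads the first backslash as escaping the second and the quote is left live; replace `\` with `\\` as the first step, before the two quote replacements, since the order of the replacements decides whether the escaping holds. The proc also only protects values that callers place inside a quoted string literal; anything interpolated unquoted (a numeric id, a column or table name) still needs its own validation, and the comment above the proc should state that limitation so the "run everything through sanitizeSQL()" rule is not mistaken for full protection.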