author | Yohann Ferreira <yohann_dot_ferreira_at_orange_dot_efer> | 2010-12-16 19:58:36 +0100 |
---|---|---|
committer | Yohann Ferreira <yohann_dot_ferreira_at_orange_dot_efer> | 2010-12-16 19:58:36 +0100 |
commit | a230426162c190b0e4e380704c3e3f31d431e39a (patch) | |
tree | 23158e38e2dca0d73de34ad82048046f5fe0e3f3 /src/account-server/storage.cpp | |
parent | 028d86a17d211a0790a1831474773644be2e97ed (diff) | |
Use bound values for Storage::flush() since it leaked sensitive info.
(Readable in the log with debug level.)
Reviewed-by: Jaxad0127.
Diffstat (limited to 'src/account-server/storage.cpp')
-rw-r--r-- | src/account-server/storage.cpp | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/src/account-server/storage.cpp b/src/account-server/storage.cpp
index add60841..bb267d65 100644
--- a/src/account-server/storage.cpp
+++ b/src/account-server/storage.cpp
@@ -848,13 +848,25 @@ void Storage::flush(Account *account)
 std::ostringstream sqlUpdateAccountTable;
 sqlUpdateAccountTable << "update " << ACCOUNTS_TBL_NAME
- << " set username = '" << account->getName() << "', "
- << "password = '" << account->getPassword() << "', "
- << "email = '" << account->getEmail() << "', "
- << "level = '" << account->getLevel() << "', "
- << "lastlogin = '" << account->getLastLogin() << "' "
- << "where id = '" << account->getID() << "';";
- mDb->execSql(sqlUpdateAccountTable.str());
+ << " set username = '?', password = '?', email = '?', "
+ << "level = '?', lastlogin = '?' where id = '?';";
+
+ if (mDb->prepareSql(sqlUpdateAccountTable.str()))
+ {
+ mDb->bindValue(1, account->getName());
+ mDb->bindValue(2, account->getPassword());
+ mDb->bindValue(3, account->getEmail());
+ mDb->bindValue(4, account->getLevel());
+ mDb->bindValue(5, account->getLastLogin());
+ mDb->bindValue(6, account->getID());
+
+ mDb->processSql();
+ }
+ else
+ {
+ utils::throwError("(DALStorage::flush) "
+ "SQL preparation query failure.");
+ }
 // Get the list of characters that belong to this account.
 Characters &characters = account->getCharacters(); |
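Review bot: The placeholders in the new statement text are still wrapped in single quotes (`username = '?'` through `where id = '?'`), and in SQL a quoted `'?'` is a one-character string literal, not a parameter marker. With the usual prepared-statement semantics the six `bindValue` calls would then have no parameter to attach to, so the update would either store literal question marks or match no row on `id = '?'`; this should be confirmed against the DAL backends in use. I would write the markers unquoted: `<< " set username = ?, password = ?, email = ?, "` and `<< "level = ?, lastlogin = ? where id = ?;";`. The hunk also does not show whether `bindValue` and `processSql` report failure; if they do, a failed bind should abort the flush rather than fall through to the character updates. Storage::flush starts and ends outside the hunk.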