diff options
| -rwxr-xr-x | logmaster.py | 4 | ||||
| -rw-r--r-- | npc/functions/util.txt | 7 |
2 files changed, 7 insertions, 4 deletions
diff --git a/logmaster.py b/logmaster.py index 97941a8a4..cdd59df16 100755 --- a/logmaster.py +++ b/logmaster.py @@ -24,7 +24,7 @@ import mysql.connector, signal, sys, threading, time, traceback ## Default values HOST="127.0.0.1"; PORT=0; USER=""; PASS=""; DBXT=""; db=None; sqli = []; running=True -SQL_PINGTIME=300.0; SQL_FLUSH=3.0 +SQL_PINGTIME=300.0; SQL_FLUSH=1.0 ## Warnings ERR=0 @@ -177,7 +177,7 @@ while running: ## Command: SAD ## Description: Replaces "?" with escaped data. elif cmd.startswith("SAD"): - bf=bf.replace("?%s" % cmd.replace("SAD", ""), args.replace("\\", "\\\\").replace('"','\\"').replace("'", "\\'")) + bf=bf.replace("?%s" % cmd.replace("SAD", ""), args.replace("\\", "\\\\").replace('"','\\"').replace("'", "\\'").replace('\n','').replace('\r','').replace('\0','')) ## Command: SQLRUN ## Description: Executes the prepared SQL statement. ## Sanitization must be done using SAD commands. diff --git a/npc/functions/util.txt b/npc/functions/util.txt index 05699b68a..d3aebb7d1 100644 --- a/npc/functions/util.txt +++ b/npc/functions/util.txt @@ -1307,8 +1307,11 @@ function script json_encode { // sends to API function script api_send { .@cde=getarg(0); - .@fm$=escape_sql(getarg(1)); - query_sql("INSERT INTO `api_export` (`type`, `data`) VALUES ('"+.@cde+"', \""+.@fm$+"\")"); + if (!apicall(.@cde, getarg(1))) { + debugmes "[API] Fallback in use."; + .@fm$=escape_sql(getarg(1)); + query_sql("INSERT INTO `api_export` (`type`, `data`) VALUES ('"+.@cde+"', \""+.@fm$+"\")"); + } return; } |