Senior Member
Join Date: Jan 2016
Location: CSGO Servers
|
08-09-2020
, 00:07
Re: [CSGO] Error Log
|
#3
|
Quote:
Originally Posted by Fyren
If you don't know how to write SP, you should just find a different plugin because that one is insecure.
If you can or someone cares enough to fix it, it should not use plain Format/FormatEx to create SQL queries because that leads to SQL injection vulnerabilities.
|
this plugin best ban manager for server. but i have this problem
can you fix this?
PHP Code:
void DB_CreateBan(const char[] auth = "N/A", const char[] ip = "N/A", int time, BanType type, const char[] name = "N/A", int timestamp, const char[] reason = "N/A", const char[] adminAuth, const char[] adminName)
{
Call_StartForward(g_hOnBanCreated_Pre);
Call_PushString(auth);
Call_PushString(ip);
Action result;
Call_Finish(result);
if(result != Plugin_Handled)
{
DataPack data = new DataPack();
data.WriteString(auth);
data.WriteString(ip);
data.WriteCell(time);
data.WriteCell(type);
data.WriteString(name);
data.WriteCell(timestamp);
data.WriteString(reason);
data.WriteString(adminAuth);
data.WriteString(adminName);
char sQuery[500];
FormatEx(sQuery, sizeof(sQuery), "INSERT INTO `%s` (`Auth`, `Ip`, `Time`, `Type`, `Name`, `Timestamp`, `Reason`, `AdminAuth`, `AdminName`) VALUES ('%s', '%s', '%d', '%d', '%s', '%d', '%s', '%s', '%s');",
DBName,
auth,
ip,
time,
type,
name,
timestamp,
reason,
adminAuth,
adminName);
g_hDB.Query(DB_CreateBan_Callback, sQuery, data);
}
}
public void DB_CreateBan_Callback(Database db, DBResultSet results, const char[] error, DataPack data)
{
if(results != null)
{
char sAuth[32], sIp[16], sName[MAX_NAME_LENGTH], sReason[MAX_REASON_LENGTH], sAdminAuth[32], sAdminName[MAX_NAME_LENGTH], sKey[16];
data.Reset();
data.ReadString(sAuth, sizeof(sAuth));
data.ReadString(sIp, sizeof(sIp));
int time = data.ReadCell();
BanType type = data.ReadCell();
data.ReadString(sName, sizeof(sName));
int timestamp = data.ReadCell();
data.ReadString(sReason, sizeof(sReason));
data.ReadString(sAdminAuth, sizeof(sAdminAuth));
data.ReadString(sAdminName, sizeof(sAdminName));
any[] pack = new any[BanCache];
FormatEx(pack[Auth], 32, "%s", sAuth);
FormatEx(pack[Ip], 16, "%s", sIp);
pack[Time] = time;
pack[Type] = type;
FormatEx(pack[Name], MAX_NAME_LENGTH, "%s", sName);
pack[Timestamp] = timestamp;
FormatEx(pack[Reason], MAX_REASON_LENGTH, "%s", sReason);
FormatEx(pack[AdminAuth], 32, "%s", sAdminAuth);
FormatEx(pack[AdminName], MAX_NAME_LENGTH, "%s", sAdminName);
IntToString(g_hBanCache.Size, sKey, sizeof(sKey));
g_hBanCache.SetArray(sKey, pack, view_as<int>(BanCache));
Call_StartForward(g_hOnBanCreated_Post);
Call_PushString(sAuth);
Call_PushString(sIp);
Call_Finish();
}
else
{
LogError("DB_CreateBan_Callback: %s", error);
}
delete data;
}
ty :X
|
|