Fix SQL injection in adminreport.lua

Mark Samman 2014-10-29 19:43:13 +01:00
parent 4884512e6f
commit c5c94974a1


@ -10,7 +10,7 @@ function onSay(cid, words, param, channel)
end end
if player:getStorageValue(storage) <= os.time() then if player:getStorageValue(storage) <= os.time() then
player:sendTextMessage(MESSAGE_INFO_DESCR, "Your report has been received successfully!") player:sendTextMessage(MESSAGE_INFO_DESCR, "Your report has been received successfully!")
db.query("INSERT INTO `znote_player_reports` (`id` ,`name` ,`posx` ,`posy` ,`posz` ,`report_description` ,`date`)VALUES (NULL , '" .. player:getName() .. "', '" .. player:getPosition().x .. "', '" .. player:getPosition().y .. "', '" .. player:getPosition().z .. "', " .. db.escapeString(param) .. ", '" .. os.time() .. "')") db.query("INSERT INTO `znote_player_reports` (`id` ,`name` ,`posx` ,`posy` ,`posz` ,`report_description` ,`date`)VALUES (NULL , " .. db.escapeString(player:getName()) .. ", '" .. player:getPosition().x .. "', '" .. player:getPosition().y .. "', '" .. player:getPosition().z .. "', " .. db.escapeString(param) .. ", '" .. os.time() .. "')")
player:setStorageValue(storage, os.time() + delaytime) player:setStorageValue(storage, os.time() + delaytime)
else else
player:sendTextMessage(MESSAGE_STATUS_WARNING, "You have to wait " .. player:getStorageValue(storage) - os.time() .. " seconds to report again.") player:sendTextMessage(MESSAGE_STATUS_WARNING, "You have to wait " .. player:getStorageValue(storage) - os.time() .. " seconds to report again.")
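Review bot: The result of the `db.query` insert is never checked, and the "Your report has been received successfully!" message is sent before the query runs, so a failed insert still confirms the report and starts the cooldown. Assuming `db.query` returns a success value, the message and `player:setStorageValue(storage, os.time() + delaytime)` could move under `if db.query(...) then`, with a warning message in the failure branch. The statement is still assembled by concatenation, so a short comment above it would help: `-- every string field must go through db.escapeString, which supplies its own quotes`. The position and `os.time()` fields are numeric and not player-supplied text, so they are not part of this concern. The body of `onSay` starts and ends outside this hunk, so any length or emptiness check on `param` is not visible here.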