Use prepared queries to avoid special character issues (Fixes #258)

Phoenix616 2019-07-29 18:50:26 +01:00
parent e972a7d657
commit 930b2cc07b
2 changed files with 8 additions and 6 deletions


@ -7,6 +7,7 @@ import com.Acrobot.ChestShop.Database.DaoCreator;
import com.Acrobot.ChestShop.Database.Item;
import com.j256.ormlite.dao.CloseableIterator;
import com.j256.ormlite.dao.Dao;
import com.j256.ormlite.stmt.SelectArg;
import org.bukkit.Material;
import org.bukkit.configuration.file.YamlConfiguration;
import org.bukkit.configuration.file.YamlConstructor;
@ -146,7 +147,7 @@ public class ItemDatabase {
}
String code = Base64.encodeObject(dumped);
Item itemEntity = itemDao.queryBuilder().where().eq("code", code).queryForFirst();
Item itemEntity = itemDao.queryBuilder().where().eq("code", new SelectArg(code)).queryForFirst();
if (itemEntity == null) {
itemEntity = new Item(code);
itemDao.create(itemEntity);
@ -173,7 +174,7 @@ public class ItemDatabase {
int id = Base62.decode(code);
try {
Item item = itemDao.queryBuilder().where().eq("id", id).queryForFirst();
Item item = itemDao.queryBuilder().where().eq("id", new SelectArg(id)).queryForFirst();
if (item == null) {
return null;
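Review bot: Nothing at the converted call sites says why the value has to be wrapped, so a later cleanup could drop `new SelectArg(...)` again without anyone noticing; this applies to both lookups here and to the queries changed in NameManager. As far as ORMLite's documentation describes it, a plain argument to `eq()` is written into the SQL text while a SelectArg becomes a bound `?` parameter, and that is the property the fix depends on. I would add a comment above the `code` lookup such as `// SelectArg binds the value as a statement parameter; a plain value is inlined into the SQL text and breaks on quotes`. The `id` lookup binds an int returned by `Base62.decode`, which cannot contain quote characters, so the wrapper there is for consistency only and the comment could say so. Both enclosing methods start and end outside the hunks.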


@ -12,6 +12,7 @@ import com.Acrobot.ChestShop.Permission;
import com.Acrobot.ChestShop.Signs.ChestShopSign;
import com.j256.ormlite.dao.Dao;
import com.j256.ormlite.stmt.SelectArg;
import org.apache.commons.lang.Validate;
import org.bukkit.Bukkit;
import org.bukkit.OfflinePlayer;
@ -74,7 +75,7 @@ public class NameManager implements Listener {
try {
return uuidToAccount.get(uuid, () -> {
try {
Account account = accounts.queryBuilder().orderBy("lastSeen", false).where().eq("uuid", uuid).queryForFirst();
Account account = accounts.queryBuilder().orderBy("lastSeen", false).where().eq("uuid", new SelectArg(uuid)).queryForFirst();
if (account != null) {
account.setUuid(uuid); // HOW IS IT EVEN POSSIBLE THAT UUID IS NOT SET EVEN IF WE HAVE FOUND THE PLAYER?!
shortToAccount.put(account.getShortName(), account);
@ -103,7 +104,7 @@ public class NameManager implements Listener {
try {
return usernameToAccount.get(fullName, () -> {
try {
Account account = accounts.queryBuilder().orderBy("lastSeen", false).where().eq("name", fullName).queryForFirst();
Account account = accounts.queryBuilder().orderBy("lastSeen", false).where().eq("name", new SelectArg(fullName)).queryForFirst();
if (account != null) {
account.setName(fullName); // HOW IS IT EVEN POSSIBLE THAT THE NAME IS NOT SET EVEN IF WE HAVE FOUND THE PLAYER?!
shortToAccount.put(account.getShortName(), account);
@ -150,7 +151,7 @@ public class NameManager implements Listener {
try {
account = shortToAccount.get(shortName, () -> {
try {
Account a = accounts.queryBuilder().where().eq("shortName", shortName).queryForFirst();
Account a = accounts.queryBuilder().where().eq("shortName", new SelectArg(shortName)).queryForFirst();
if (a != null) {
a.setShortName(shortName); // HOW IS IT EVEN POSSIBLE THAT THE NAME IS NOT SET EVEN IF WE HAVE FOUND THE PLAYER?!
return a;
@ -285,7 +286,7 @@ public class NameManager implements Listener {
Account latestAccount = null;
try {
latestAccount = accounts.queryBuilder().where().eq("uuid", uuid).and().eq("name", player.getName()).queryForFirst();
latestAccount = accounts.queryBuilder().where().eq("uuid", new SelectArg(uuid)).and().eq("name", new SelectArg(player.getName())).queryForFirst();
} catch (SQLException e) {
ChestShop.getBukkitLogger().log(Level.WARNING, "Error while searching for latest account of " + player.getName() + "/" + uuid + ":", e);
}
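Review bot: No test accompanies the fix (the page lists only the two source files), so nothing pins the behaviour from issue #258 for the `name` and `shortName` lookups, whose values presumably originate from players or sign text. A small test against an in-memory database that stores and then looks up an account whose name contains a single quote and a backslash (constructed values) should fail on the old code and pass on the new one. It is also worth checking the rest of NameManager, outside these hunks, for `eq`/`like` calls that still pass player-derived strings directly. The enclosing methods continue outside the hunks.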