search

azerothcore / azerothcore-wotlk

Complete Open Source and Modular solution for MMO
http://www.azerothcore.org
GNU Affero General Public License v3.0
6.56k stars 2.63k forks source link

Error while parsing SQL > .go creature name Kaz'rogal < #20010

Closed TheSCREWEDSoftware closed 1 month ago

TheSCREWEDSoftware commented 1 month ago

Current Behaviour

If attempt to teleport to that npc and i would assume any other NPC that breaks SQL query due to the ' as example: .go creature name Kaz'rogal You will crash and get the following message.

image

Expected Blizzlike Behaviour

I don't think blizzard at the time would make the try and expect of the query for someone using quotes within a apostrophe.

Source

No response

Steps to reproduce the problem

1) Start the server Auth and World 2) Open the client and join, make sure you have GM access commands. 3) .go creature name Kaz'rogal

or

4) . go creature name "Sinister Reflection"

They will both crash you worldserver with the same error.

Extra Notes

For me .go creature name Kaz'rogal

AC rev. hash/commit

AzerothCore rev. 64c9e4a0a4d5 2024-09-15 21:16:14 +0000 (master branch) (Win64, RelWithDebInfo, Static)
Connected players: 0. Characters in world: 0.
Connection peak: 0.
Server uptime: 38 second(s)
Update time diff: 2ms. Last 500 diffs summary:
|- Mean: 5ms
|- Median: 2ms
|- Percentiles (95, 99, max): 12ms, 19ms, 130ms
Using SSL version: OpenSSL 3.3.2 3 Sep 2024 (library: OpenSSL 3.3.2 3 Sep 2024)
Using Boost version: 1.86.0
Using CMake version: 3.29.8
Using MySQL version: 80039
Found MySQL Executable: C:/Program Files/MySQL/MySQL Server 8.0/bin/mysql.exe
Compiled on: Windows 10.0.17763
Worldserver listening connections on port %hu
Realmlist (Realm Id: 1) configured in port 8085
VMAPs status: Enabled. LineOfSight: true, getHeight: true, indoorCheck: true
MMAPs status: Enabled
maps directory located in Data/maps. Total size: 291014951 bytes
vmaps directory located in Data/vmaps. Total size: 658130721 bytes
mmaps directory located in Data/mmaps. Total size: 2192910844 bytes
Default DBC locale: enUS.
All available DBC locales: enUS
Using World DB: ACDB 335.12-dev
Latest LoginDatabase update: acore_cms_subscriptions.sql
Latest CharacterDatabase update: trasmorg.sql
Latest WorldDatabase update: trasm_world_VendorItems.sql
LoginDatabase queue size: 0
CharacterDatabase queue size: 0
WorldDatabase queue size: 0
List of enabled modules:
|- mod-account-achievements
|- mod-account-mounts
|- mod-aoe-loot
|- mod-assistant
|- mod-breaking-news-override
|- mod-eluna
|- mod-no-hearthstone-cooldown
|- mod-skip-dk-starting-area
|- mod-transmog
|- mod-weekendbonus
|- mod-world-chat

Operating system

W10 64bit

Custom changes or Modules

|- mod-account-achievements |- mod-account-mounts |- mod-aoe-loot |- mod-assistant |- mod-breaking-news-override |- mod-eluna |- mod-no-hearthstone-cooldown |- mod-skip-dk-starting-area |- mod-transmog |- mod-weekendbonus |- mod-world-chat

kissingers commented 1 month ago

not find the creature and so no crash for first cmd .go creature name "Sinister Reflection" crash.

Kitzunu commented 1 month ago

don't use quotes in it, that will mess it up. Obviously, we should check for it. But that is what is causing the crash

        QueryResult result = WorldDatabase.Query("SELECT entry FROM creature_template WHERE name = \"{}\" LIMIT 1" , name.data());