smartaleq
commented
13 years ago closed because dan's a prick, and anyone who runs an offline server deserves to get sql injected in the backside
Closed dancaselden closed 13 years ago
smartaleq
commented
13 years ago closed because dan's a prick, and anyone who runs an offline server deserves to get sql injected in the backside
dancaselden
commented
13 years ago right -- its chill that we can only get rooted some of the time
DataManager.java uses dwarf names in sql queries: "//Unsanitized because no one has the player name Robert' Drop Table dwarfs;"
I can spoof arbitrary player names, so ^ is not the case. sanitize dat shit