Closed dancaselden closed 13 years ago
DataManager.java uses dwarf names in sql queries: "//Unsanitized because no one has the player name Robert' Drop Table dwarfs;"
I can spoof arbitrary player names, so ^ is not the case. sanitize dat shit
closed because dan's a prick, and anyone who runs an offline server deserves to get sql injected in the backside
right -- it's chill that we can only get rooted some of the time
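An added example, not code from the project or from anyone in this thread: the name from the quoted comment written once through string concatenation and once through a bound parameter, using Python's in-memory `sqlite3`. The `dwarfs` column layout and every function name are assumptions. In Java the same binding is done with a JDBC `PreparedStatement`.

```python
import sqlite3

# Constructed sample input: the player name quoted in the DataManager.java comment.
HOSTILE_NAME = "Robert' Drop Table dwarfs;"


def open_db():
    """In-memory database with an assumed two-column dwarfs table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dwarfs (name TEXT PRIMARY KEY, level INTEGER)")
    return db


def save_concatenated(db, name, level):
    """The reported pattern: the name is spliced into the SQL text."""
    sql = ("INSERT INTO dwarfs (name, level) VALUES ('"
           + name + "', " + str(level) + ")")
    db.execute(sql)


def save_bound(db, name, level):
    """Hardened form: the name is a bound parameter, never SQL text."""
    db.execute("INSERT INTO dwarfs (name, level) VALUES (?, ?)", (name, level))


def load_level(db, name):
    """Look a dwarf up by name with a bound parameter; None if absent."""
    row = db.execute(
        "SELECT level FROM dwarfs WHERE name = ?", (name,)
    ).fetchone()
    return row[0] if row else None


def concatenation_breaks(db, name):
    """True if the spliced name stops the statement being one valid INSERT,
    i.e. the quote in the name ended the string literal early."""
    try:
        save_concatenated(db, name, 1)
    except (sqlite3.Error, sqlite3.Warning):
        return True
    return False


if __name__ == "__main__":
    db = open_db()
    print("concatenated statement rejected:", concatenation_breaks(db, HOSTILE_NAME))
    save_bound(db, HOSTILE_NAME, 7)
    print("bound name stored, level:", load_level(db, HOSTILE_NAME))
```

With binding, the quote in the name is stored as a character of the name and the table is untouched, so no assumption about which names players can have is needed.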