phaneron/Kelsidavis-WoWee
1
0
Fork 0
mirror of https://github.com/Kelsidavis/WoWee.git synced 2026-05-07 17:43:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

fix(editor): escape user strings in server module map/zone/tele SQL

Browse source 
The map_dbc, area_table_dbc, and game_tele INSERTs previously
embedded mapName/displayName/manifest.mapName as raw strings — a
zone called "King's Land" or anything containing a single quote
would emit malformed SQL that AzerothCore would reject. Promotes
the existing escapeSql helper to a public SQLExporter::escape and
uses it in all three INSERTs.
This commit is contained in:
Kelsi 2026-05-06 06:46:58 -07:00
parent cc1e1cb7fa
commit a8464fc367
3 changed files with 22 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tools/editor/sql_exporter.hpp
View file

@ -33,6 +33,12 @@ public:
const std::string& path,
uint32_t mapId = 9000,
uint32_t startEntry = 100000);
// Escape a string for safe inclusion inside single-quoted SQL literal.
// Doubles single quotes and escapes backslashes — matches MySQL/MariaDB
// string literal rules used by AzerothCore/TrinityCore. Use whenever you
// emit user-provided text into SQL outside of this class.
static std::string escape(const std::string& s);
};
} // namespace editor