From b67c1f5086fc090781faff7daf01533aa1c368a6 Mon Sep 17 00:00:00 2001
From: Justin Clarke Casey
Date: Fri, 24 Jul 2009 19:21:37 +0000
Subject: [PATCH] * Apply similar bounds checks on name and description fields on MSSQL UpdateAsset
---
 OpenSim/Data/MSSQL/MSSQLAssetData.cs | 31 ++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/OpenSim/Data/MSSQL/MSSQLAssetData.cs b/OpenSim/Data/MSSQL/MSSQLAssetData.cs
index 1e09c573e4..a54258486d 100644
--- a/OpenSim/Data/MSSQL/MSSQLAssetData.cs
+++ b/OpenSim/Data/MSSQL/MSSQLAssetData.cs
@@ -81,7 +81,6 @@ namespace OpenSim.Data.MSSQL
 }
 else
 {
-
 IniFile gridDataMSSqlFile = new IniFile("mssql_connection.ini");
 string settingDataSource = gridDataMSSqlFile.ParseFileReadValue("data_source");
 string settingInitialCatalog = gridDataMSSqlFile.ParseFileReadValue("initial_catalog");
@@ -159,24 +158,28 @@ namespace OpenSim.Data.MSSQL { return; } + string sql = @"INSERT INTO assets ([id], [name], [description], [assetType], [local], [temporary], [create_time], [access_time], [data]) VALUES (@id, @name, @description, @assetType, @local, @temporary, @create_time, @access_time, @data)"; - string assetName = asset.Name; + + string assetName = asset.Name; if (asset.Name.Length > 64) { assetName = asset.Name.Substring(0, 64); - m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length.ToString() + " to " + assetName.Length.ToString() + " characters"); + m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length + " to " + assetName.Length + " characters on add"); } + string assetDescription = asset.Description; if (asset.Description.Length > 64) { assetDescription = asset.Description.Substring(0, 64); - m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length.ToString() + " to " + assetDescription.Length.ToString() + " characters"); + m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length + " to " + assetDescription.Length + " characters on add"); } + using (AutoClosingSqlCommand command = m_database.Query(sql)) { int now = (int)((System.DateTime.Now.Ticks - m_ticksToEpoch) / 10000000); 
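Review bot: `asset.Name.Length` and `asset.Description.Length` are dereferenced without a null check in the bounds checks this hunk keeps, so an asset with a null name or description would throw before the INSERT is issued; whether those properties can be null is not visible from here. The same pattern is added to the update path in the hunk at -210,11. A guard such as `if (assetName != null && assetName.Length > 64)`, and the equivalent for the description, keeps the truncation without assuming non-null input. The enclosing method starts and ends outside the hunk.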
@@ -210,11 +213,26 @@ namespace OpenSim.Data.MSSQL string sql = @"UPDATE assets set id = @id, name = @name, description = @description, assetType = @assetType, local = @local, temporary = @temporary, data = @data WHERE id = @keyId;"; + + string assetName = asset.Name; + if (asset.Name.Length > 64) + { + assetName = asset.Name.Substring(0, 64); + m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length + " to " + assetName.Length + " characters on update"); + } + + string assetDescription = asset.Description; + if (asset.Description.Length > 64) + { + assetDescription = asset.Description.Substring(0, 64); + m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length + " to " + assetDescription.Length + " characters on update"); + } + using (AutoClosingSqlCommand command = m_database.Query(sql)) { command.Parameters.Add(m_database.CreateParameter("id", asset.FullID)); - command.Parameters.Add(m_database.CreateParameter("name", asset.Name)); - command.Parameters.Add(m_database.CreateParameter("description", asset.Description)); + command.Parameters.Add(m_database.CreateParameter("name", assetName)); + command.Parameters.Add(m_database.CreateParameter("description", assetDescription)); command.Parameters.Add(m_database.CreateParameter("assetType", asset.Type)); command.Parameters.Add(m_database.CreateParameter("local", asset.Local)); command.Parameters.Add(m_database.CreateParameter("temporary", asset.Temporary)); @@ -279,6 +297,7 @@ namespace OpenSim.Data.MSSQL string sql = @"SELECT (name,description,assetType,temporary,id), Row = ROW_NUMBER() OVER (ORDER BY (some column to order by)) WHERE Row >= @Start AND Row < @Start + @Count"; + using (AutoClosingSqlCommand command = m_database.Query(sql)) { command.Parameters.Add(m_database.CreateParameter("start", start));
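Review bot: The truncation block added before the `using` in the hunk at -210,11 is a copy of the one in the add path (hunk at -159,24), differing only in the log suffix, so the literal 64 now appears eight times across the two methods and has to be kept in step with the column widths, which are not visible here. A small private helper taking the value, the field name and the operation would keep the limit in one place and the two paths consistent. The warning would also be easier to act on if it identified the record, for example by appending `" (asset " + asset.FullID + ")"`, since the lengths alone do not say which asset was altered. The enclosing method starts and ends outside the hunk.

```csharp
// … unchanged: UPDATE statement text …
string assetName = TruncateField(asset.Name, "Name", "update");
string assetDescription = TruncateField(asset.Description, "Description", "update");

using (AutoClosingSqlCommand command = m_database.Query(sql))
// … unchanged: parameter binding with assetName / assetDescription …

// New private helper, callable from the add path as well.
private string TruncateField(string value, string fieldName, string operation)
{
    if (value == null || value.Length <= 64)
    {
        return value;
    }

    string truncated = value.Substring(0, 64);
    m_log.Warn("[ASSET DB]: " + fieldName + " field truncated from " + value.Length + " to " + truncated.Length + " characters on " + operation);
    return truncated;
}
```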