* Apply similar bounds checks on name and description fields on MSSQL UpdateAsset

trunk
Justin Clarke Casey 2009-07-24 19:21:37 +00:00
parent a3f4330c87
commit b67c1f5086
1 changed files with 25 additions and 6 deletions


@ -81,7 +81,6 @@ namespace OpenSim.Data.MSSQL
} }
else else
{ {
IniFile gridDataMSSqlFile = new IniFile("mssql_connection.ini"); IniFile gridDataMSSqlFile = new IniFile("mssql_connection.ini");
string settingDataSource = gridDataMSSqlFile.ParseFileReadValue("data_source"); string settingDataSource = gridDataMSSqlFile.ParseFileReadValue("data_source");
string settingInitialCatalog = gridDataMSSqlFile.ParseFileReadValue("initial_catalog"); string settingInitialCatalog = gridDataMSSqlFile.ParseFileReadValue("initial_catalog");
@ -159,24 +158,28 @@ namespace OpenSim.Data.MSSQL
{ {
return; return;
} }
string sql = @"INSERT INTO assets string sql = @"INSERT INTO assets
([id], [name], [description], [assetType], [local], ([id], [name], [description], [assetType], [local],
[temporary], [create_time], [access_time], [data]) [temporary], [create_time], [access_time], [data])
VALUES VALUES
(@id, @name, @description, @assetType, @local, (@id, @name, @description, @assetType, @local,
@temporary, @create_time, @access_time, @data)"; @temporary, @create_time, @access_time, @data)";
string assetName = asset.Name;
string assetName = asset.Name;
if (asset.Name.Length > 64) if (asset.Name.Length > 64)
{ {
assetName = asset.Name.Substring(0, 64); assetName = asset.Name.Substring(0, 64);
m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length.ToString() + " to " + assetName.Length.ToString() + " characters"); m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length + " to " + assetName.Length + " characters on add");
} }
string assetDescription = asset.Description; string assetDescription = asset.Description;
if (asset.Description.Length > 64) if (asset.Description.Length > 64)
{ {
assetDescription = asset.Description.Substring(0, 64); assetDescription = asset.Description.Substring(0, 64);
m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length.ToString() + " to " + assetDescription.Length.ToString() + " characters"); m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length + " to " + assetDescription.Length + " characters on add");
} }
using (AutoClosingSqlCommand command = m_database.Query(sql)) using (AutoClosingSqlCommand command = m_database.Query(sql))
{ {
int now = (int)((System.DateTime.Now.Ticks - m_ticksToEpoch) / 10000000); int now = (int)((System.DateTime.Now.Ticks - m_ticksToEpoch) / 10000000);
@ -210,11 +213,26 @@ namespace OpenSim.Data.MSSQL
string sql = @"UPDATE assets set id = @id, name = @name, description = @description, assetType = @assetType, string sql = @"UPDATE assets set id = @id, name = @name, description = @description, assetType = @assetType,
local = @local, temporary = @temporary, data = @data local = @local, temporary = @temporary, data = @data
WHERE id = @keyId;"; WHERE id = @keyId;";
string assetName = asset.Name;
if (asset.Name.Length > 64)
{
assetName = asset.Name.Substring(0, 64);
m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length + " to " + assetName.Length + " characters on update");
}
string assetDescription = asset.Description;
if (asset.Description.Length > 64)
{
assetDescription = asset.Description.Substring(0, 64);
m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length + " to " + assetDescription.Length + " characters on update");
}
using (AutoClosingSqlCommand command = m_database.Query(sql)) using (AutoClosingSqlCommand command = m_database.Query(sql))
{ {
command.Parameters.Add(m_database.CreateParameter("id", asset.FullID)); command.Parameters.Add(m_database.CreateParameter("id", asset.FullID));
command.Parameters.Add(m_database.CreateParameter("name", asset.Name)); command.Parameters.Add(m_database.CreateParameter("name", assetName));
command.Parameters.Add(m_database.CreateParameter("description", asset.Description)); command.Parameters.Add(m_database.CreateParameter("description", assetDescription));
command.Parameters.Add(m_database.CreateParameter("assetType", asset.Type)); command.Parameters.Add(m_database.CreateParameter("assetType", asset.Type));
command.Parameters.Add(m_database.CreateParameter("local", asset.Local)); command.Parameters.Add(m_database.CreateParameter("local", asset.Local));
command.Parameters.Add(m_database.CreateParameter("temporary", asset.Temporary)); command.Parameters.Add(m_database.CreateParameter("temporary", asset.Temporary));
@ -279,6 +297,7 @@ namespace OpenSim.Data.MSSQL
string sql = @"SELECT (name,description,assetType,temporary,id), Row = ROW_NUMBER() string sql = @"SELECT (name,description,assetType,temporary,id), Row = ROW_NUMBER()
OVER (ORDER BY (some column to order by)) OVER (ORDER BY (some column to order by))
WHERE Row >= @Start AND Row < @Start + @Count"; WHERE Row >= @Start AND Row < @Start + @Count";
using (AutoClosingSqlCommand command = m_database.Query(sql)) using (AutoClosingSqlCommand command = m_database.Query(sql))
{ {
command.Parameters.Add(m_database.CreateParameter("start", start)); command.Parameters.Add(m_database.CreateParameter("start", start));
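Review bot: The truncation block added to UpdateAsset (hunk at -210) reads `asset.Name.Length` and `asset.Description.Length` with no null guard, so an asset arriving with either field unset would throw before the parameterized UPDATE runs. Whether the asset type guarantees non-null strings is not visible in this diff, and the add path at -159 has the same shape. A guard such as `if (asset.Name != null && asset.Name.Length > 64)` (and the same for Description) keeps the current behaviour for valid input. The two warnings would also be easier to trace if they named the record, e.g. appending `" for asset " + asset.FullID`, since a truncated name or description is otherwise hard to tie back to the asset that was silently altered. The limit 64 now appears in eight places across both methods; a single named constant tied to the column width would keep the add and update paths from drifting apart. The enclosing method starts and ends outside the hunk.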