OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

* Apply asset and inventory name and description bound checks to MySQL

trunk
Justin Clarke Casey 2009-07-24 20:01:17 +00:00
parent f75949692e
commit c3bb9ec42c
2 changed files with 40 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
OpenSim/Data/MySQL/MySQLAssetData.cs
View File

@ -210,6 +210,20 @@ namespace OpenSim.Data.MySQL
"VALUES(?id, ?name, ?description, ?assetType, ?local, ?temporary, ?create_time, ?access_time, ?data)", "VALUES(?id, ?name, ?description, ?assetType, ?local, ?temporary, ?create_time, ?access_time, ?data)",
_dbConnection.Connection); _dbConnection.Connection);
string assetName = asset.Name;
if (asset.Name.Length > 64)
{
assetName = asset.Name.Substring(0, 64);
m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length + " to " + assetName.Length + " characters on add");
}
string assetDescription = asset.Description;
if (asset.Description.Length > 64)
{
assetDescription = asset.Description.Substring(0, 64);
m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length + " to " + assetDescription.Length + " characters on add");
}
// need to ensure we dispose // need to ensure we dispose
try try
{ {
@ -218,8 +232,8 @@ namespace OpenSim.Data.MySQL
// create unix epoch time // create unix epoch time
int now = (int)((DateTime.Now.Ticks - TicksToEpoch) / 10000000); int now = (int)((DateTime.Now.Ticks - TicksToEpoch) / 10000000);
cmd.Parameters.AddWithValue("?id", asset.ID); cmd.Parameters.AddWithValue("?id", asset.ID);
cmd.Parameters.AddWithValue("?name", asset.Name); cmd.Parameters.AddWithValue("?name", assetName);
cmd.Parameters.AddWithValue("?description", asset.Description); cmd.Parameters.AddWithValue("?description", assetDescription);
cmd.Parameters.AddWithValue("?assetType", asset.Type); cmd.Parameters.AddWithValue("?assetType", asset.Type);
cmd.Parameters.AddWithValue("?local", asset.Local); cmd.Parameters.AddWithValue("?local", asset.Local);
cmd.Parameters.AddWithValue("?temporary", asset.Temporary); cmd.Parameters.AddWithValue("?temporary", asset.Temporary);

27
OpenSim/Data/MySQL/MySQLInventoryData.cs
View File

@ -471,6 +471,20 @@ namespace OpenSim.Data.MySQL
+ ", ?inventoryBasePermissions, ?inventoryEveryOnePermissions, ?inventoryGroupPermissions, ?salePrice, ?saleType, ?creationDate" + ", ?inventoryBasePermissions, ?inventoryEveryOnePermissions, ?inventoryGroupPermissions, ?salePrice, ?saleType, ?creationDate"
+ ", ?groupID, ?groupOwned, ?flags)"; + ", ?groupID, ?groupOwned, ?flags)";
string itemName = item.Name;
if (item.Name.Length > 64)
{
itemName = item.Name.Substring(0, 64);
m_log.Warn("[INVENTORY DB]: Name field truncated from " + item.Name.Length + " to " + itemName.Length + " characters on add item");
}
string itemDesc = item.Description;
if (item.Description.Length > 128)
{
itemDesc = item.Description.Substring(0, 128);
m_log.Warn("[INVENTORY DB]: Description field truncated from " + item.Description.Length + " to " + itemDesc.Length + " characters on add item");
}
try try
{ {
database.CheckConnection(); database.CheckConnection();
@ -481,8 +495,8 @@ namespace OpenSim.Data.MySQL
result.Parameters.AddWithValue("?assetType", item.AssetType.ToString()); result.Parameters.AddWithValue("?assetType", item.AssetType.ToString());
result.Parameters.AddWithValue("?parentFolderID", item.Folder.ToString()); result.Parameters.AddWithValue("?parentFolderID", item.Folder.ToString());
result.Parameters.AddWithValue("?avatarID", item.Owner.ToString()); result.Parameters.AddWithValue("?avatarID", item.Owner.ToString());
result.Parameters.AddWithValue("?inventoryName", item.Name); result.Parameters.AddWithValue("?inventoryName", itemName);
result.Parameters.AddWithValue("?inventoryDescription", item.Description); result.Parameters.AddWithValue("?inventoryDescription", itemDesc);
result.Parameters.AddWithValue("?inventoryNextPermissions", item.NextPermissions.ToString()); result.Parameters.AddWithValue("?inventoryNextPermissions", item.NextPermissions.ToString());
result.Parameters.AddWithValue("?inventoryCurrentPermissions", result.Parameters.AddWithValue("?inventoryCurrentPermissions",
item.CurrentPermissions.ToString()); item.CurrentPermissions.ToString());
@ -575,13 +589,20 @@ namespace OpenSim.Data.MySQL
"REPLACE INTO inventoryfolders (folderID, agentID, parentFolderID, folderName, type, version) VALUES "; "REPLACE INTO inventoryfolders (folderID, agentID, parentFolderID, folderName, type, version) VALUES ";
sql += "(?folderID, ?agentID, ?parentFolderID, ?folderName, ?type, ?version)"; sql += "(?folderID, ?agentID, ?parentFolderID, ?folderName, ?type, ?version)";
string folderName = folder.Name;
if (folderName.Length > 64)
{
folderName = folderName.Substring(0, 64);
m_log.Warn("[INVENTORY DB]: Name field truncated from " + folder.Name.Length + " to " + folderName.Length + " characters on add folder");
}
database.CheckConnection(); database.CheckConnection();
MySqlCommand cmd = new MySqlCommand(sql, database.Connection); MySqlCommand cmd = new MySqlCommand(sql, database.Connection);
cmd.Parameters.AddWithValue("?folderID", folder.ID.ToString()); cmd.Parameters.AddWithValue("?folderID", folder.ID.ToString());
cmd.Parameters.AddWithValue("?agentID", folder.Owner.ToString()); cmd.Parameters.AddWithValue("?agentID", folder.Owner.ToString());
cmd.Parameters.AddWithValue("?parentFolderID", folder.ParentID.ToString()); cmd.Parameters.AddWithValue("?parentFolderID", folder.ParentID.ToString());
cmd.Parameters.AddWithValue("?folderName", folder.Name); cmd.Parameters.AddWithValue("?folderName", folderName);
cmd.Parameters.AddWithValue("?type", (short) folder.Type); cmd.Parameters.AddWithValue("?type", (short) folder.Type);
cmd.Parameters.AddWithValue("?version", folder.Version); cmd.Parameters.AddWithValue("?version", folder.Version);