[core, SQL] Refactor to use mariadb-connector-cpp and introduce new db namespace #4601
Evening discoveries: both C++-style mariadb connectors are very much 1-indexed. 😷
Added some basic locking to make this use case safe (it would crash out otherwise):

```cpp
// 32 threads issue the same query concurrently through the shared db interface
auto thVec = std::vector<std::jthread>{};
for (int i = 0; i < 32; ++i)
{
    thVec.emplace_back(std::jthread(
        [&]()
        {
            auto rset = db::query("SELECT * FROM char_inventory;");
            if (rset && rset->rowsCount())
            {
                while (rset->next())
                {
                    ShowInfo("%u", rset->getUInt("charid"));
                }
            }
            // Random 100-500 ms pause before the thread exits
            std::this_thread::sleep_for(std::chrono::milliseconds(xirand::GetRandomNumber(100, 500)));
        }));
}
```
If we want to collect together all of the definitions, we can do that as a lookup to strings later
TODO: Triple check that if a simple query fails, it'll return nullptr as the rset
TODO: Run through BLU logic to make sure this query works:
TODO: Ensure that blobs stored in the old system can be loaded by the new system, and that everything works from a before/after standpoint (logging in as BLU, messing around with spells, and zoning is sufficient to check this)
src/common/database.cpp
Outdated
return result; | ||
}; | ||
|
||
return replaceAll(query, { "--", "/*", "*/", ";" }, ""); |
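Review bot: the token list in `return replaceAll(query, { "--", "/*", "*/", ";" }, "");` is a strip-style denylist, and deleting tokens can join the characters on either side into a token that was already processed. If replaceAll (not visible in this hunk) handles the tokens in list order in a single pass, an input such as `-;-` loses its `;` and comes out as `--`. Either repeat the replacement until the string stops changing or reject input containing any of these tokens. The list also contains no quote character, so a comment on this function saying which inputs it is meant for, and that it is a secondary check rather than the primary injection control, would make its scope clear to callers.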
Isn't this supposed to replace "bad" characters with escaped ones? `'` -> `\'` and so on so that things like chat, search comments, bazaar comments, etc can still include them, but they also wreck injection?
Speaking of, `'` is missing from this list.
Also the autotranslate junk people can put in bazaar and seacom, that's not even human visible characters.
> Isn't this supposed to replace "bad" characters with escaped ones? `'` -> `\'` and so on so that things like chat, search comments, bazaar comments, etc can still include them, but they also wreck injection?
> Speaking of, `'` is missing from this list.

My blob encoding handles escaping characters and things, this sanitise routine is specifically to make super ultra mega sure we're removing any and all possible vectors for SQL injection, even if the c connector, cpp connector and other mechanisms all promise they stop it on our behalf
autotranslate, bazaar, seacon etc. are all handled as blobs, which I now have acting equivalently to the c-connector, and it's now obvious what it's doing.
This routine is for the cases where plain text is pulled out of incoming packets and used as strings, rather than blobs for the db or the client
are gm/chat audits blobs?
Should be, easy test thanks!
Will do this in later PRs, I already have evidence of a blob being read from the old system, rewritten and reread correctly
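An added example (not code from this PR or from LandSandBoat) contrasting the two approaches discussed in the review thread above: stripping the tokens on the reviewed line versus escaping a value for a quoted string literal. `stripOnce`, `stripUntilStable` and `escapeLiteral` are hypothetical names; `stripOnce` assumes `replaceAll` removes each token in list order, and `escapeLiteral` follows the character set documented for `mysql_real_escape_string()`, assuming default `sql_mode` and an ASCII-compatible connection charset.

```cpp
#include <string>
#include <vector>

// Token list copied from the reviewed line; everything else here is constructed.
static const std::vector<std::string> kTokens = { "--", "/*", "*/", ";" };

// One pass, removing each token in list order (assumed replaceAll behaviour).
std::string stripOnce(std::string s)
{
    for (const auto& tok : kTokens)
        for (auto pos = s.find(tok); pos != std::string::npos; pos = s.find(tok, pos))
            s.erase(pos, tok.size());
    return s;
}

// Repeat until the string stops changing, so no removal leaves a token behind.
std::string stripUntilStable(std::string s)
{
    for (std::string prev; prev != s;)
    {
        prev = s;
        s    = stripOnce(s);
    }
    return s;
}

// Escape a value for a quoted SQL string literal instead of deleting from it.
std::string escapeLiteral(const std::string& in)
{
    std::string out;
    out.reserve(in.size() * 2);
    for (char c : in)
    {
        switch (c)
        {
            case '\0':   out += "\\0"; break;
            case '\n':   out += "\\n"; break;
            case '\r':   out += "\\r"; break;
            case '\x1a': out += "\\Z"; break;
            case '\\': case '\'': case '"': out += '\\'; out += c; break;
            default:     out += c; break;
        }
    }
    return out;
}
```

Stripping changes what the player typed, while escaping keeps the text intact for storage. Where the connector supports it, binding values as prepared-statement parameters removes the need for either function on those values.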
All my TODOs are addressed, all my testing is done, all my comments and thoughts are addressed. Will finish the article, test
I affirm:
What does this pull request do?
https://github.com/LandSandBoat/server/wiki/Database-Library-Upgrade
Steps to test these changes
Test as normal (I changed some things and invalidated all my old testing, so we're starting from the beginning!):
!exec xi.mogTablet.hideAllTablets()
)