diff options
author | Justin Clarke Casey | 2009-07-24 20:01:17 +0000 |
---|---|---|
committer | Justin Clarke Casey | 2009-07-24 20:01:17 +0000 |
commit | c3bb9ec42ccc86d55055494bad31835a0fae00d2 (patch) | |
tree | 4cbad1bb4b0ebf797d80c71d4749ee7af02b50f4 | |
parent | * Extend mssql name string size checking to create/update folder (diff) | |
download | opensim-SC_OLD-c3bb9ec42ccc86d55055494bad31835a0fae00d2.zip opensim-SC_OLD-c3bb9ec42ccc86d55055494bad31835a0fae00d2.tar.gz opensim-SC_OLD-c3bb9ec42ccc86d55055494bad31835a0fae00d2.tar.bz2 opensim-SC_OLD-c3bb9ec42ccc86d55055494bad31835a0fae00d2.tar.xz |
* Apply asset and inventory name and description bound checks to MySQL
-rw-r--r-- | OpenSim/Data/MySQL/MySQLAssetData.cs | 18 | ||||
-rw-r--r-- | OpenSim/Data/MySQL/MySQLInventoryData.cs | 27 |
2 files changed, 40 insertions, 5 deletions
diff --git a/OpenSim/Data/MySQL/MySQLAssetData.cs b/OpenSim/Data/MySQL/MySQLAssetData.cs index c22f645..26cdd06 100644 --- a/OpenSim/Data/MySQL/MySQLAssetData.cs +++ b/OpenSim/Data/MySQL/MySQLAssetData.cs | |||
@@ -210,6 +210,20 @@ namespace OpenSim.Data.MySQL | |||
210 | "VALUES(?id, ?name, ?description, ?assetType, ?local, ?temporary, ?create_time, ?access_time, ?data)", | 210 | "VALUES(?id, ?name, ?description, ?assetType, ?local, ?temporary, ?create_time, ?access_time, ?data)", |
211 | _dbConnection.Connection); | 211 | _dbConnection.Connection); |
212 | 212 | ||
213 | string assetName = asset.Name; | ||
214 | if (asset.Name.Length > 64) | ||
215 | { | ||
216 | assetName = asset.Name.Substring(0, 64); | ||
217 | m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length + " to " + assetName.Length + " characters on add"); | ||
218 | } | ||
219 | |||
220 | string assetDescription = asset.Description; | ||
221 | if (asset.Description.Length > 64) | ||
222 | { | ||
223 | assetDescription = asset.Description.Substring(0, 64); | ||
224 | m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length + " to " + assetDescription.Length + " characters on add"); | ||
225 | } | ||
226 | |||
213 | // need to ensure we dispose | 227 | // need to ensure we dispose |
214 | try | 228 | try |
215 | { | 229 | { |
@@ -218,8 +232,8 @@ namespace OpenSim.Data.MySQL | |||
218 | // create unix epoch time | 232 | // create unix epoch time |
219 | int now = (int)((DateTime.Now.Ticks - TicksToEpoch) / 10000000); | 233 | int now = (int)((DateTime.Now.Ticks - TicksToEpoch) / 10000000); |
220 | cmd.Parameters.AddWithValue("?id", asset.ID); | 234 | cmd.Parameters.AddWithValue("?id", asset.ID); |
221 | cmd.Parameters.AddWithValue("?name", asset.Name); | 235 | cmd.Parameters.AddWithValue("?name", assetName); |
222 | cmd.Parameters.AddWithValue("?description", asset.Description); | 236 | cmd.Parameters.AddWithValue("?description", assetDescription); |
223 | cmd.Parameters.AddWithValue("?assetType", asset.Type); | 237 | cmd.Parameters.AddWithValue("?assetType", asset.Type); |
224 | cmd.Parameters.AddWithValue("?local", asset.Local); | 238 | cmd.Parameters.AddWithValue("?local", asset.Local); |
225 | cmd.Parameters.AddWithValue("?temporary", asset.Temporary); | 239 | cmd.Parameters.AddWithValue("?temporary", asset.Temporary); |
diff --git a/OpenSim/Data/MySQL/MySQLInventoryData.cs b/OpenSim/Data/MySQL/MySQLInventoryData.cs index e48f26a..a4b8663 100644 --- a/OpenSim/Data/MySQL/MySQLInventoryData.cs +++ b/OpenSim/Data/MySQL/MySQLInventoryData.cs | |||
@@ -471,6 +471,20 @@ namespace OpenSim.Data.MySQL | |||
471 | + ", ?inventoryBasePermissions, ?inventoryEveryOnePermissions, ?inventoryGroupPermissions, ?salePrice, ?saleType, ?creationDate" | 471 | + ", ?inventoryBasePermissions, ?inventoryEveryOnePermissions, ?inventoryGroupPermissions, ?salePrice, ?saleType, ?creationDate" |
472 | + ", ?groupID, ?groupOwned, ?flags)"; | 472 | + ", ?groupID, ?groupOwned, ?flags)"; |
473 | 473 | ||
474 | string itemName = item.Name; | ||
475 | if (item.Name.Length > 64) | ||
476 | { | ||
477 | itemName = item.Name.Substring(0, 64); | ||
478 | m_log.Warn("[INVENTORY DB]: Name field truncated from " + item.Name.Length + " to " + itemName.Length + " characters on add item"); | ||
479 | } | ||
480 | |||
481 | string itemDesc = item.Description; | ||
482 | if (item.Description.Length > 128) | ||
483 | { | ||
484 | itemDesc = item.Description.Substring(0, 128); | ||
485 | m_log.Warn("[INVENTORY DB]: Description field truncated from " + item.Description.Length + " to " + itemDesc.Length + " characters on add item"); | ||
486 | } | ||
487 | |||
474 | try | 488 | try |
475 | { | 489 | { |
476 | database.CheckConnection(); | 490 | database.CheckConnection(); |
@@ -481,8 +495,8 @@ namespace OpenSim.Data.MySQL | |||
481 | result.Parameters.AddWithValue("?assetType", item.AssetType.ToString()); | 495 | result.Parameters.AddWithValue("?assetType", item.AssetType.ToString()); |
482 | result.Parameters.AddWithValue("?parentFolderID", item.Folder.ToString()); | 496 | result.Parameters.AddWithValue("?parentFolderID", item.Folder.ToString()); |
483 | result.Parameters.AddWithValue("?avatarID", item.Owner.ToString()); | 497 | result.Parameters.AddWithValue("?avatarID", item.Owner.ToString()); |
484 | result.Parameters.AddWithValue("?inventoryName", item.Name); | 498 | result.Parameters.AddWithValue("?inventoryName", itemName); |
485 | result.Parameters.AddWithValue("?inventoryDescription", item.Description); | 499 | result.Parameters.AddWithValue("?inventoryDescription", itemDesc); |
486 | result.Parameters.AddWithValue("?inventoryNextPermissions", item.NextPermissions.ToString()); | 500 | result.Parameters.AddWithValue("?inventoryNextPermissions", item.NextPermissions.ToString()); |
487 | result.Parameters.AddWithValue("?inventoryCurrentPermissions", | 501 | result.Parameters.AddWithValue("?inventoryCurrentPermissions", |
488 | item.CurrentPermissions.ToString()); | 502 | item.CurrentPermissions.ToString()); |
@@ -575,13 +589,20 @@ namespace OpenSim.Data.MySQL | |||
575 | "REPLACE INTO inventoryfolders (folderID, agentID, parentFolderID, folderName, type, version) VALUES "; | 589 | "REPLACE INTO inventoryfolders (folderID, agentID, parentFolderID, folderName, type, version) VALUES "; |
576 | sql += "(?folderID, ?agentID, ?parentFolderID, ?folderName, ?type, ?version)"; | 590 | sql += "(?folderID, ?agentID, ?parentFolderID, ?folderName, ?type, ?version)"; |
577 | 591 | ||
592 | string folderName = folder.Name; | ||
593 | if (folderName.Length > 64) | ||
594 | { | ||
595 | folderName = folderName.Substring(0, 64); | ||
596 | m_log.Warn("[INVENTORY DB]: Name field truncated from " + folder.Name.Length + " to " + folderName.Length + " characters on add folder"); | ||
597 | } | ||
598 | |||
578 | database.CheckConnection(); | 599 | database.CheckConnection(); |
579 | 600 | ||
580 | MySqlCommand cmd = new MySqlCommand(sql, database.Connection); | 601 | MySqlCommand cmd = new MySqlCommand(sql, database.Connection); |
581 | cmd.Parameters.AddWithValue("?folderID", folder.ID.ToString()); | 602 | cmd.Parameters.AddWithValue("?folderID", folder.ID.ToString()); |
582 | cmd.Parameters.AddWithValue("?agentID", folder.Owner.ToString()); | 603 | cmd.Parameters.AddWithValue("?agentID", folder.Owner.ToString()); |
583 | cmd.Parameters.AddWithValue("?parentFolderID", folder.ParentID.ToString()); | 604 | cmd.Parameters.AddWithValue("?parentFolderID", folder.ParentID.ToString()); |
584 | cmd.Parameters.AddWithValue("?folderName", folder.Name); | 605 | cmd.Parameters.AddWithValue("?folderName", folderName); |
585 | cmd.Parameters.AddWithValue("?type", (short) folder.Type); | 606 | cmd.Parameters.AddWithValue("?type", (short) folder.Type); |
586 | cmd.Parameters.AddWithValue("?version", folder.Version); | 607 | cmd.Parameters.AddWithValue("?version", folder.Version); |
587 | 608 | ||