diff options
author | Justin Clarke Casey | 2009-07-24 19:21:37 +0000 |
---|---|---|
committer | Justin Clarke Casey | 2009-07-24 19:21:37 +0000 |
commit | b67c1f5086fc090781faff7daf01533aa1c368a6 (patch) | |
tree | 157f6fb84dccbe6dcacbea69527285f5fe36277f /OpenSim | |
parent | * Apply http://opensimulator.org/mantis/view.php?id=3902 (diff) | |
download | opensim-SC_OLD-b67c1f5086fc090781faff7daf01533aa1c368a6.zip opensim-SC_OLD-b67c1f5086fc090781faff7daf01533aa1c368a6.tar.gz opensim-SC_OLD-b67c1f5086fc090781faff7daf01533aa1c368a6.tar.bz2 opensim-SC_OLD-b67c1f5086fc090781faff7daf01533aa1c368a6.tar.xz |
* Apply similar bounds checks on name and description fields on MSSQL UpdateAsset
Diffstat (limited to '')
-rw-r--r-- | OpenSim/Data/MSSQL/MSSQLAssetData.cs | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/OpenSim/Data/MSSQL/MSSQLAssetData.cs b/OpenSim/Data/MSSQL/MSSQLAssetData.cs index 1e09c57..a542584 100644 --- a/OpenSim/Data/MSSQL/MSSQLAssetData.cs +++ b/OpenSim/Data/MSSQL/MSSQLAssetData.cs | |||
@@ -81,7 +81,6 @@ namespace OpenSim.Data.MSSQL | |||
81 | } | 81 | } |
82 | else | 82 | else |
83 | { | 83 | { |
84 | |||
85 | IniFile gridDataMSSqlFile = new IniFile("mssql_connection.ini"); | 84 | IniFile gridDataMSSqlFile = new IniFile("mssql_connection.ini"); |
86 | string settingDataSource = gridDataMSSqlFile.ParseFileReadValue("data_source"); | 85 | string settingDataSource = gridDataMSSqlFile.ParseFileReadValue("data_source"); |
87 | string settingInitialCatalog = gridDataMSSqlFile.ParseFileReadValue("initial_catalog"); | 86 | string settingInitialCatalog = gridDataMSSqlFile.ParseFileReadValue("initial_catalog"); |
@@ -159,24 +158,28 @@ namespace OpenSim.Data.MSSQL | |||
159 | { | 158 | { |
160 | return; | 159 | return; |
161 | } | 160 | } |
161 | |||
162 | string sql = @"INSERT INTO assets | 162 | string sql = @"INSERT INTO assets |
163 | ([id], [name], [description], [assetType], [local], | 163 | ([id], [name], [description], [assetType], [local], |
164 | [temporary], [create_time], [access_time], [data]) | 164 | [temporary], [create_time], [access_time], [data]) |
165 | VALUES | 165 | VALUES |
166 | (@id, @name, @description, @assetType, @local, | 166 | (@id, @name, @description, @assetType, @local, |
167 | @temporary, @create_time, @access_time, @data)"; | 167 | @temporary, @create_time, @access_time, @data)"; |
168 | string assetName = asset.Name; | 168 | |
169 | string assetName = asset.Name; | ||
169 | if (asset.Name.Length > 64) | 170 | if (asset.Name.Length > 64) |
170 | { | 171 | { |
171 | assetName = asset.Name.Substring(0, 64); | 172 | assetName = asset.Name.Substring(0, 64); |
172 | m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length.ToString() + " to " + assetName.Length.ToString() + " characters"); | 173 | m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length + " to " + assetName.Length + " characters on add"); |
173 | } | 174 | } |
175 | |||
174 | string assetDescription = asset.Description; | 176 | string assetDescription = asset.Description; |
175 | if (asset.Description.Length > 64) | 177 | if (asset.Description.Length > 64) |
176 | { | 178 | { |
177 | assetDescription = asset.Description.Substring(0, 64); | 179 | assetDescription = asset.Description.Substring(0, 64); |
178 | m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length.ToString() + " to " + assetDescription.Length.ToString() + " characters"); | 180 | m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length + " to " + assetDescription.Length + " characters on add"); |
179 | } | 181 | } |
182 | |||
180 | using (AutoClosingSqlCommand command = m_database.Query(sql)) | 183 | using (AutoClosingSqlCommand command = m_database.Query(sql)) |
181 | { | 184 | { |
182 | int now = (int)((System.DateTime.Now.Ticks - m_ticksToEpoch) / 10000000); | 185 | int now = (int)((System.DateTime.Now.Ticks - m_ticksToEpoch) / 10000000); |
@@ -210,11 +213,26 @@ namespace OpenSim.Data.MSSQL | |||
210 | string sql = @"UPDATE assets set id = @id, name = @name, description = @description, assetType = @assetType, | 213 | string sql = @"UPDATE assets set id = @id, name = @name, description = @description, assetType = @assetType, |
211 | local = @local, temporary = @temporary, data = @data | 214 | local = @local, temporary = @temporary, data = @data |
212 | WHERE id = @keyId;"; | 215 | WHERE id = @keyId;"; |
216 | |||
217 | string assetName = asset.Name; | ||
218 | if (asset.Name.Length > 64) | ||
219 | { | ||
220 | assetName = asset.Name.Substring(0, 64); | ||
221 | m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length + " to " + assetName.Length + " characters on update"); | ||
222 | } | ||
223 | |||
224 | string assetDescription = asset.Description; | ||
225 | if (asset.Description.Length > 64) | ||
226 | { | ||
227 | assetDescription = asset.Description.Substring(0, 64); | ||
228 | m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length + " to " + assetDescription.Length + " characters on update"); | ||
229 | } | ||
230 | |||
213 | using (AutoClosingSqlCommand command = m_database.Query(sql)) | 231 | using (AutoClosingSqlCommand command = m_database.Query(sql)) |
214 | { | 232 | { |
215 | command.Parameters.Add(m_database.CreateParameter("id", asset.FullID)); | 233 | command.Parameters.Add(m_database.CreateParameter("id", asset.FullID)); |
216 | command.Parameters.Add(m_database.CreateParameter("name", asset.Name)); | 234 | command.Parameters.Add(m_database.CreateParameter("name", assetName)); |
217 | command.Parameters.Add(m_database.CreateParameter("description", asset.Description)); | 235 | command.Parameters.Add(m_database.CreateParameter("description", assetDescription)); |
218 | command.Parameters.Add(m_database.CreateParameter("assetType", asset.Type)); | 236 | command.Parameters.Add(m_database.CreateParameter("assetType", asset.Type)); |
219 | command.Parameters.Add(m_database.CreateParameter("local", asset.Local)); | 237 | command.Parameters.Add(m_database.CreateParameter("local", asset.Local)); |
220 | command.Parameters.Add(m_database.CreateParameter("temporary", asset.Temporary)); | 238 | command.Parameters.Add(m_database.CreateParameter("temporary", asset.Temporary)); |
@@ -279,6 +297,7 @@ namespace OpenSim.Data.MSSQL | |||
279 | string sql = @"SELECT (name,description,assetType,temporary,id), Row = ROW_NUMBER() | 297 | string sql = @"SELECT (name,description,assetType,temporary,id), Row = ROW_NUMBER() |
280 | OVER (ORDER BY (some column to order by)) | 298 | OVER (ORDER BY (some column to order by)) |
281 | WHERE Row >= @Start AND Row < @Start + @Count"; | 299 | WHERE Row >= @Start AND Row < @Start + @Count"; |
300 | |||
282 | using (AutoClosingSqlCommand command = m_database.Query(sql)) | 301 | using (AutoClosingSqlCommand command = m_database.Query(sql)) |
283 | { | 302 | { |
284 | command.Parameters.Add(m_database.CreateParameter("start", start)); | 303 | command.Parameters.Add(m_database.CreateParameter("start", start)); |