aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim
diff options
context:
space:
mode:
authorJustin Clarke Casey2009-07-24 19:21:37 +0000
committerJustin Clarke Casey2009-07-24 19:21:37 +0000
commitb67c1f5086fc090781faff7daf01533aa1c368a6 (patch)
tree157f6fb84dccbe6dcacbea69527285f5fe36277f /OpenSim
parent* Apply http://opensimulator.org/mantis/view.php?id=3902 (diff)
downloadopensim-SC_OLD-b67c1f5086fc090781faff7daf01533aa1c368a6.zip
opensim-SC_OLD-b67c1f5086fc090781faff7daf01533aa1c368a6.tar.gz
opensim-SC_OLD-b67c1f5086fc090781faff7daf01533aa1c368a6.tar.bz2
opensim-SC_OLD-b67c1f5086fc090781faff7daf01533aa1c368a6.tar.xz
* Apply similar bounds checks on name and description fields on MSSQL UpdateAsset
Diffstat (limited to '')
-rw-r--r--OpenSim/Data/MSSQL/MSSQLAssetData.cs31
1 files changed, 25 insertions, 6 deletions
diff --git a/OpenSim/Data/MSSQL/MSSQLAssetData.cs b/OpenSim/Data/MSSQL/MSSQLAssetData.cs
index 1e09c57..a542584 100644
--- a/OpenSim/Data/MSSQL/MSSQLAssetData.cs
+++ b/OpenSim/Data/MSSQL/MSSQLAssetData.cs
@@ -81,7 +81,6 @@ namespace OpenSim.Data.MSSQL
81 } 81 }
82 else 82 else
83 { 83 {
84
85 IniFile gridDataMSSqlFile = new IniFile("mssql_connection.ini"); 84 IniFile gridDataMSSqlFile = new IniFile("mssql_connection.ini");
86 string settingDataSource = gridDataMSSqlFile.ParseFileReadValue("data_source"); 85 string settingDataSource = gridDataMSSqlFile.ParseFileReadValue("data_source");
87 string settingInitialCatalog = gridDataMSSqlFile.ParseFileReadValue("initial_catalog"); 86 string settingInitialCatalog = gridDataMSSqlFile.ParseFileReadValue("initial_catalog");
@@ -159,24 +158,28 @@ namespace OpenSim.Data.MSSQL
159 { 158 {
160 return; 159 return;
161 } 160 }
161
162 string sql = @"INSERT INTO assets 162 string sql = @"INSERT INTO assets
163 ([id], [name], [description], [assetType], [local], 163 ([id], [name], [description], [assetType], [local],
164 [temporary], [create_time], [access_time], [data]) 164 [temporary], [create_time], [access_time], [data])
165 VALUES 165 VALUES
166 (@id, @name, @description, @assetType, @local, 166 (@id, @name, @description, @assetType, @local,
167 @temporary, @create_time, @access_time, @data)"; 167 @temporary, @create_time, @access_time, @data)";
168 string assetName = asset.Name; 168
169 string assetName = asset.Name;
169 if (asset.Name.Length > 64) 170 if (asset.Name.Length > 64)
170 { 171 {
171 assetName = asset.Name.Substring(0, 64); 172 assetName = asset.Name.Substring(0, 64);
172 m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length.ToString() + " to " + assetName.Length.ToString() + " characters"); 173 m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length + " to " + assetName.Length + " characters on add");
173 } 174 }
175
174 string assetDescription = asset.Description; 176 string assetDescription = asset.Description;
175 if (asset.Description.Length > 64) 177 if (asset.Description.Length > 64)
176 { 178 {
177 assetDescription = asset.Description.Substring(0, 64); 179 assetDescription = asset.Description.Substring(0, 64);
178 m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length.ToString() + " to " + assetDescription.Length.ToString() + " characters"); 180 m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length + " to " + assetDescription.Length + " characters on add");
179 } 181 }
182
180 using (AutoClosingSqlCommand command = m_database.Query(sql)) 183 using (AutoClosingSqlCommand command = m_database.Query(sql))
181 { 184 {
182 int now = (int)((System.DateTime.Now.Ticks - m_ticksToEpoch) / 10000000); 185 int now = (int)((System.DateTime.Now.Ticks - m_ticksToEpoch) / 10000000);
@@ -210,11 +213,26 @@ namespace OpenSim.Data.MSSQL
210 string sql = @"UPDATE assets set id = @id, name = @name, description = @description, assetType = @assetType, 213 string sql = @"UPDATE assets set id = @id, name = @name, description = @description, assetType = @assetType,
211 local = @local, temporary = @temporary, data = @data 214 local = @local, temporary = @temporary, data = @data
212 WHERE id = @keyId;"; 215 WHERE id = @keyId;";
216
217 string assetName = asset.Name;
218 if (asset.Name.Length > 64)
219 {
220 assetName = asset.Name.Substring(0, 64);
221 m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length + " to " + assetName.Length + " characters on update");
222 }
223
224 string assetDescription = asset.Description;
225 if (asset.Description.Length > 64)
226 {
227 assetDescription = asset.Description.Substring(0, 64);
228 m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length + " to " + assetDescription.Length + " characters on update");
229 }
230
213 using (AutoClosingSqlCommand command = m_database.Query(sql)) 231 using (AutoClosingSqlCommand command = m_database.Query(sql))
214 { 232 {
215 command.Parameters.Add(m_database.CreateParameter("id", asset.FullID)); 233 command.Parameters.Add(m_database.CreateParameter("id", asset.FullID));
216 command.Parameters.Add(m_database.CreateParameter("name", asset.Name)); 234 command.Parameters.Add(m_database.CreateParameter("name", assetName));
217 command.Parameters.Add(m_database.CreateParameter("description", asset.Description)); 235 command.Parameters.Add(m_database.CreateParameter("description", assetDescription));
218 command.Parameters.Add(m_database.CreateParameter("assetType", asset.Type)); 236 command.Parameters.Add(m_database.CreateParameter("assetType", asset.Type));
219 command.Parameters.Add(m_database.CreateParameter("local", asset.Local)); 237 command.Parameters.Add(m_database.CreateParameter("local", asset.Local));
220 command.Parameters.Add(m_database.CreateParameter("temporary", asset.Temporary)); 238 command.Parameters.Add(m_database.CreateParameter("temporary", asset.Temporary));
@@ -279,6 +297,7 @@ namespace OpenSim.Data.MSSQL
279 string sql = @"SELECT (name,description,assetType,temporary,id), Row = ROW_NUMBER() 297 string sql = @"SELECT (name,description,assetType,temporary,id), Row = ROW_NUMBER()
280 OVER (ORDER BY (some column to order by)) 298 OVER (ORDER BY (some column to order by))
281 WHERE Row >= @Start AND Row < @Start + @Count"; 299 WHERE Row >= @Start AND Row < @Start + @Count";
300
282 using (AutoClosingSqlCommand command = m_database.Query(sql)) 301 using (AutoClosingSqlCommand command = m_database.Query(sql))
283 { 302 {
284 command.Parameters.Add(m_database.CreateParameter("start", start)); 303 command.Parameters.Add(m_database.CreateParameter("start", start));