* Apply asset and inventory name and description bound checks to MySQL

2 files changed, 40 insertions, 5 deletions

diff --git a/OpenSim/Data/MySQL/MySQLAssetData.cs b/OpenSim/Data/MySQL/MySQLAssetData.cs
index c22f645..26cdd06 100644
--- a/OpenSim/Data/MySQL/MySQLAssetData.cs
+++ b/OpenSim/Data/MySQL/MySQLAssetData.cs
@@ -210,6 +210,20 @@ namespace OpenSim.Data.MySQL
                         "VALUES(?id, ?name, ?description, ?assetType, ?local, ?temporary, ?create_time, ?access_time, ?data)",
                         _dbConnection.Connection);
 
+                string assetName = asset.Name;            
+                if (asset.Name.Length > 64)
+                {
+                    assetName = asset.Name.Substring(0, 64);
+                    m_log.Warn("[ASSET DB]: Name field truncated from " + asset.Name.Length + " to " + assetName.Length + " characters on add");
+                }
+                
+                string assetDescription = asset.Description;
+                if (asset.Description.Length > 64)
+                {
+                    assetDescription = asset.Description.Substring(0, 64);
+                    m_log.Warn("[ASSET DB]: Description field truncated from " + asset.Description.Length + " to " + assetDescription.Length + " characters on add");
+                }
+                
                 // need to ensure we dispose
                 try
                 {
@@ -218,8 +232,8 @@ namespace OpenSim.Data.MySQL
                         // create unix epoch time
                         int now = (int)((DateTime.Now.Ticks - TicksToEpoch) / 10000000);
                         cmd.Parameters.AddWithValue("?id", asset.ID);
-                        cmd.Parameters.AddWithValue("?name", asset.Name);
-                        cmd.Parameters.AddWithValue("?description", asset.Description);
+                        cmd.Parameters.AddWithValue("?name", assetName);
+                        cmd.Parameters.AddWithValue("?description", assetDescription);
                         cmd.Parameters.AddWithValue("?assetType", asset.Type);
                         cmd.Parameters.AddWithValue("?local", asset.Local);
                         cmd.Parameters.AddWithValue("?temporary", asset.Temporary);
diff --git a/OpenSim/Data/MySQL/MySQLInventoryData.cs b/OpenSim/Data/MySQL/MySQLInventoryData.cs
index e48f26a..a4b8663 100644
--- a/OpenSim/Data/MySQL/MySQLInventoryData.cs
+++ b/OpenSim/Data/MySQL/MySQLInventoryData.cs
@@ -471,6 +471,20 @@ namespace OpenSim.Data.MySQL
                     + ", ?inventoryBasePermissions, ?inventoryEveryOnePermissions, ?inventoryGroupPermissions, ?salePrice, ?saleType, ?creationDate"
                     + ", ?groupID, ?groupOwned, ?flags)";
 
+            string itemName = item.Name;            
+            if (item.Name.Length > 64)
+            {
+                itemName = item.Name.Substring(0, 64);
+                m_log.Warn("[INVENTORY DB]: Name field truncated from " + item.Name.Length + " to " + itemName.Length + " characters on add item");
+            }
+            
+            string itemDesc = item.Description;
+            if (item.Description.Length > 128)
+            {
+                itemDesc = item.Description.Substring(0, 128);
+                m_log.Warn("[INVENTORY DB]: Description field truncated from " + item.Description.Length + " to " + itemDesc.Length + " characters on add item");
+            }            
+
             try
             {
                 database.CheckConnection();
@@ -481,8 +495,8 @@ namespace OpenSim.Data.MySQL
                 result.Parameters.AddWithValue("?assetType", item.AssetType.ToString());
                 result.Parameters.AddWithValue("?parentFolderID", item.Folder.ToString());
                 result.Parameters.AddWithValue("?avatarID", item.Owner.ToString());
-                result.Parameters.AddWithValue("?inventoryName", item.Name);
-                result.Parameters.AddWithValue("?inventoryDescription", item.Description);
+                result.Parameters.AddWithValue("?inventoryName", itemName);
+                result.Parameters.AddWithValue("?inventoryDescription", itemDesc);
                 result.Parameters.AddWithValue("?inventoryNextPermissions", item.NextPermissions.ToString());
                 result.Parameters.AddWithValue("?inventoryCurrentPermissions",
                                                item.CurrentPermissions.ToString());
@@ -575,13 +589,20 @@ namespace OpenSim.Data.MySQL
                 "REPLACE INTO inventoryfolders (folderID, agentID, parentFolderID, folderName, type, version) VALUES ";
             sql += "(?folderID, ?agentID, ?parentFolderID, ?folderName, ?type, ?version)";
 
+            string folderName = folder.Name;            
+            if (folderName.Length > 64)
+            {
+                folderName = folderName.Substring(0, 64);
+                m_log.Warn("[INVENTORY DB]: Name field truncated from " + folder.Name.Length + " to " + folderName.Length + " characters on add folder");
+            }         
+
             database.CheckConnection();
 
             MySqlCommand cmd = new MySqlCommand(sql, database.Connection);
             cmd.Parameters.AddWithValue("?folderID", folder.ID.ToString());
             cmd.Parameters.AddWithValue("?agentID", folder.Owner.ToString());
             cmd.Parameters.AddWithValue("?parentFolderID", folder.ParentID.ToString());
-            cmd.Parameters.AddWithValue("?folderName", folder.Name);
+            cmd.Parameters.AddWithValue("?folderName", folderName);
             cmd.Parameters.AddWithValue("?type", (short) folder.Type);
             cmd.Parameters.AddWithValue("?version", folder.Version);