fix(Scripts/Commands): Prevent crash if you use doublequotes in go cr… (

#20012) fix(Scripts/Commands): Prevent crash if you use doublequotes in go creature name * closes #20010
azerothcore · Sep 21, 2024 · d227ed9 · d227ed9
1 parent cfd7bf4
commit d227ed9
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/src/server/scripts/Commands/cs_go.cpp b/src/server/scripts/Commands/cs_go.cpp
@@ -123,7 +123,14 @@ class go_commandscript : public CommandScript
         if (!name.data())
             return false;
 
-        QueryResult result = WorldDatabase.Query("SELECT entry FROM creature_template WHERE name = \"{}\" LIMIT 1" , name.data());
+        // Make sure we don't pass double quotes into the SQL query. Otherwise it causes a MySQL error
+        std::string str = name.data(); // Making subtractions to the last character does not with in string_view
+        if (str.front() == '"')
+            str = str.substr(1);
+        if (str.back() == '"')
+            str = str.substr(0, str.size() - 1);
+
+        QueryResult result = WorldDatabase.Query("SELECT entry FROM creature_template WHERE name = \"{}\" LIMIT 1", str);
         if (!result)
         {
             handler->SendErrorMessage(LANG_COMMAND_GOCREATNOTFOUND);