[SEVERE] - No sanitize over Logs #69

  • New
  • Defect
Open
Assigned to
View _ForgeUser6983636's Profile
_ForgeUser6983636
  • View _ForgeUser10778759's Profile
    _ForgeUser10778759 created this issue Mar 18, 2013

    What steps will reproduce the problem?
    1. Just send a message with /t with a quote ( ' )
    2. Look your server send errors
    3. Cry

    What is the expected output? What do you see instead?
    Nothing

    What version of the product are you using?
    1.4.7

    Do you have an error log of what happened?
    2013-03-18 15:06:08 [INFO] p02030507111317 issued server command: /t p02030507111317 j'attends
    2013-03-18 15:06:25 [SEVERE] com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'attends', '1363615568', '23', '1011', '63', 'world', '977'),
    ('Gallarion1', 'nul' at line 2
    2013-03-18 15:06:25 [SEVERE]     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    2013-03-18 15:06:25 [SEVERE]     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    2013-03-18 15:06:25 [SEVERE]     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    2013-03-18 15:06:25 [SEVERE]     at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
    2013-03-18 15:06:25 [SEVERE]     at com.mysql.jdbc.Util.handleNewInstance(Util.java:407)
    2013-03-18 15:06:25 [SEVERE]     at com.mysql.jdbc.Util.getInstance(Util.java:382)
    2013-03-18 15:06:25 [SEVERE]     at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
    2013-03-18 15:06:25 [SEVERE]     at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3593)
    2013-03-18 15:06:25 [SEVERE]     at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3525)
    2013-03-18 15:06:25 [SEVERE]     at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986)
    2013-03-18 15:06:25 [SEVERE]     at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140)
    2013-03-18 15:06:25 [SEVERE]     at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2620)
    2013-03-18 15:06:25 [SEVERE]     at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1662)
    2013-03-18 15:06:25 [SEVERE]     at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1581)
    2013-03-18 15:06:25 [SEVERE]     at me.arno.blocklog.util.Query.insert(Query.java:320)
    2013-03-18 15:06:25 [SEVERE]     at me.arno.blocklog.util.Query.insert(Query.java:298)
    2013-03-18 15:06:25 [SEVERE]     at me.arno.blocklog.schedules.SaveSchedule.run(SaveSchedule.java:73)
    2013-03-18 15:06:25 [SEVERE]     at java.lang.Thread.run(Thread.java:636)
    2013-03-18 15:06:25 [SEVERE]     at org.bukkit.craftbukkit.v1_4_R1.scheduler.CraftTask.run(CraftTask.java:53)
    2013-03-18 15:06:25 [SEVERE]     at org.bukkit.craftbukkit.v1_4_R1.scheduler.CraftAsyncTask.run(CraftAsyncTask.java:53)
    2013-03-18 15:06:25 [SEVERE]     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
    2013-03-18 15:06:25 [SEVERE]     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
    2013-03-18 15:06:25 [SEVERE]     at java.lang.Thread.run(Thread.java:636)
    2013-03-18 15:06:30 [INFO] CONSOLE: Stopping the server..

    Please provide any additional information below.
    Just sanitize your commands.

  • View _ForgeUser10778759's Profile
    _ForgeUser10778759     added the tags New Defect Mar 18, 2013

To post a comment, please login or register a new account.