fix some errors on escape string

71c3fa84 · nanahira · 673dedd6 · 71c3fa84 · 71c3fa84 · 71c3fa84
Commit 71c3fa84 authored Nov 17, 2020 by nanahira
4 changed files
--- a/data-manager/DataManager.js
+++ b/data-manager/DataManager.js
@@ -230,7 +230,11 @@ class DataManager {
            return [];
        }
    }
+    getEscapedString(text) {
+        return text.replace(/\\/g, "").replace(/_/g, "\\_").replace(/%/g, "\\%") + "%";
+    }
    async getDuelLogFromCondition(data) {
+        //console.log(data);
        if (!data) {
            return this.getAllDuelLogs();
        }
@@ -240,7 +244,7 @@ class DataManager {
            const queryBuilder = repo.createQueryBuilder("duelLog")
                .where("1");
            if (roomName != null && roomName.length) {
-                const escapedRoomName = roomName.replace(/[%_]/g, "") + "%";
+                const escapedRoomName = this.getEscapedString(roomName);
                queryBuilder.andWhere("duelLog.name like :escapedRoomName", { escapedRoomName });
            }
            if (duelCount != null && !isNaN(duelCount)) {
@@ -250,9 +254,9 @@ class DataManager {
                let innerQuery = "select id from duel_log_player where duel_log_player.duelLogId = duelLog.id";
                const innerQueryParams = {};
                if (playerName != null && playerName.length) {
-                    const escapedPlayerName = playerName.replace(/[%_]/g, "") + "%";
-                    innerQuery += " and duel_log_player.escapedPlayerName like :escapedPlayerName";
-                    innerQueryParams.playerRealName = escapedPlayerName;
+                    const escapedPlayerName = this.getEscapedString(playerName);
+                    innerQuery += " and duel_log_player.realName like :escapedPlayerName";
+                    innerQueryParams.escapedPlayerName = escapedPlayerName;
                }
                if (playerScore != null && !isNaN(playerScore)) {
                    innerQuery += " and duel_log_player.score = :playerScore";
@@ -260,9 +264,10 @@ class DataManager {
                }
                queryBuilder.andWhere(`exists (${innerQuery})`, innerQueryParams);
            }
-            const duelLogs = queryBuilder.orderBy("duelLog.id", "DESC")
-                .leftJoinAndSelect("duelLog.players", "player")
-                .getMany();
+            queryBuilder.orderBy("duelLog.id", "DESC")
+                .leftJoinAndSelect("duelLog.players", "player");
+            // console.log(queryBuilder.getSql());
+            const duelLogs = await queryBuilder.getMany();
            return duelLogs;
        }
        catch (e) {

--- a/data-manager/DataManager.ts
+++ b/data-manager/DataManager.ts
@@ -256,7 +256,12 @@ export class DataManager {

 	}

+	private getEscapedString(text: string) {
+		return text.replace(/\\/g, "").replace(/_/g, "\\_").replace(/%/g, "\\%") + "%";
+	}
+
 	async getDuelLogFromCondition(data: DuelLogQuery) {
+		//console.log(data);
 		if(!data) {
 			return this.getAllDuelLogs();
 		}
@@ -266,7 +271,7 @@ export class DataManager {
 			const queryBuilder = repo.createQueryBuilder("duelLog")
 				.where("1");
 			if(roomName != null && roomName.length) {
-				const escapedRoomName = roomName.replace(/[%_]/g, "") + "%";
+				const escapedRoomName = this.getEscapedString(roomName);
 				queryBuilder.andWhere("duelLog.name like :escapedRoomName", { escapedRoomName });
 			}
 			if(duelCount != null && !isNaN(duelCount)) {
@@ -276,9 +281,9 @@ export class DataManager {
 				let innerQuery = "select id from duel_log_player where duel_log_player.duelLogId = duelLog.id";
 				const innerQueryParams: any = {};
 				if(playerName != null && playerName.length) {
-					const escapedPlayerName = playerName.replace(/[%_]/g, "") + "%";
-					innerQuery += " and duel_log_player.escapedPlayerName like :escapedPlayerName";
-					innerQueryParams.playerRealName = escapedPlayerName;
+					const escapedPlayerName = this.getEscapedString(playerName);
+					innerQuery += " and duel_log_player.realName like :escapedPlayerName";
+					innerQueryParams.escapedPlayerName = escapedPlayerName;
 				}
 				if(playerScore != null && !isNaN(playerScore)) {
 					innerQuery += " and duel_log_player.score = :playerScore";
@@ -286,9 +291,10 @@ export class DataManager {
 				}
 				queryBuilder.andWhere(`exists (${innerQuery})`, innerQueryParams);
 			}
-			const duelLogs = queryBuilder.orderBy("duelLog.id", "DESC")
-				.leftJoinAndSelect("duelLog.players", "player")
-				.getMany();
+			queryBuilder.orderBy("duelLog.id", "DESC")
+				.leftJoinAndSelect("duelLog.players", "player");
+			// console.log(queryBuilder.getSql());
+			const duelLogs = await queryBuilder.getMany();
 			return duelLogs;
 		} catch (e) {
 			this.log.warn(`Failed to fetch duel logs: ${e.toString()}`);

--- a/ygopro-server.coffee
+++ b/ygopro-server.coffee
@@ -1908,7 +1908,7 @@ deck_name_match = global.deck_name_match = (deck_name, player_name) ->
 ygopro.ctos_follow 'PLAYER_INFO', true, (buffer, info, client, server, datas)->
  # checkmate use username$password, but here don't
  # so remove the password
-  name_full =info.name.split("$")
+  name_full =info.name.replace(/\\/g, "").split("$")
  name = name_full[0]
  vpass = name_full[1]
  if vpass and !vpass.length
@@ -3644,16 +3644,19 @@ global.rebooted = false
 if true

  getDuelLogQueryFromQs = (qdata) ->
-    ret = {}
-    if(qdata.roomname)
-      ret.roomName = decodeURIComponent(qdata.roomname)
-    if(qdata.duelcount)
-      ret.roomName = parseInt(decodeURIComponent(qdata.duelcount))
-    if(qdata.playername)
-      ret.playerName = decodeURIComponent(qdata.playername)
-    if(qdata.score)
-      ret.playerScore = parseInt(decodeURIComponent(qdata.score))
-    return
+    try
+      ret = {}
+      if(qdata.roomname)
+        ret.roomName = decodeURIComponent(qdata.roomname).trim()
+      if(qdata.duelcount)
+        ret.duelCount = parseInt(decodeURIComponent(qdata.duelcount))
+      if(qdata.playername)
+        ret.playerName = decodeURIComponent(qdata.playername).trim()
+      if(qdata.score)
+        ret.playerScore = parseInt(decodeURIComponent(qdata.score))
+      return ret
+    catch
+      return {}

  addCallback = (callback, text)->
    if not callback then return text

--- a/ygopro-server.js
+++ b/ygopro-server.js
@@ -2563,7 +2563,7 @@
    var banMCRequest, e, geo, lang, name, name_full, struct, vpass;
    // checkmate use username$password, but here don't
    // so remove the password
-    name_full = info.name.split("$");
+    name_full = info.name.replace(/\\/g, "").split("$");
    name = name_full[0];
    vpass = name_full[1];
    if (vpass && !vpass.length) {
@@ -4867,18 +4867,23 @@
  if (true) {
    getDuelLogQueryFromQs = function(qdata) {
      var ret;
-      ret = {};
-      if (qdata.roomname) {
-        ret.roomName = decodeURIComponent(qdata.roomname);
-      }
-      if (qdata.duelcount) {
-        ret.roomName = parseInt(decodeURIComponent(qdata.duelcount));
-      }
-      if (qdata.playername) {
-        ret.playerName = decodeURIComponent(qdata.playername);
-      }
-      if (qdata.score) {
-        ret.playerScore = parseInt(decodeURIComponent(qdata.score));
+      try {
+        ret = {};
+        if (qdata.roomname) {
+          ret.roomName = decodeURIComponent(qdata.roomname).trim();
+        }
+        if (qdata.duelcount) {
+          ret.duelCount = parseInt(decodeURIComponent(qdata.duelcount));
+        }
+        if (qdata.playername) {
+          ret.playerName = decodeURIComponent(qdata.playername).trim();
+        }
+        if (qdata.score) {
+          ret.playerScore = parseInt(decodeURIComponent(qdata.score));
+        }
+        return ret;
+      } catch (error1) {
+        return {};
      }
    };
    addCallback = function(callback, text) {