Skip to content

Commit

Permalink
security vulnerability fix
Browse files Browse the repository at this point in the history
  • Loading branch information
@mlus-asuka
mlus-asuka committed May 19, 2024
1 parent 37218c4 commit 201bf95
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion src/main/java/vip/fubuki/playersync/sync/ChatSync.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@
import net.minecraftforge.fml.common.Mod;
import vip.fubuki.playersync.util.JDBCsetUp;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

Expand All @@ -18,7 +20,14 @@ public static void register(){}

@SubscribeEvent
public static void onPlayerChat(net.minecraftforge.event.ServerChatEvent event) throws SQLException {
JDBCsetUp.executeUpdate("INSERT INTO chat (player, message, timestamp) VALUES ('" + event.getUsername() + "', '" + event.getRawText() + "', '" + current + "')");
String sql = "INSERT INTO chat (player, message, timestamp) VALUES (?, ?, ?)";
try (Connection connection = JDBCsetUp.getConnection();
PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
preparedStatement.setString(1, event.getUsername());
preparedStatement.setString(2, event.getRawText());
preparedStatement.setLong(3, current);
preparedStatement.executeUpdate();
}
}

@SubscribeEvent
Expand Down

0 comments on commit 201bf95

Please sign in to comment.