Sitemize reklam vermek için [email protected] adresine mail atabilirsiniz
For Advertising Contact [email protected]


Gunz Private Server Yama Kütüphanesi / Patch Library / Tüm Bug ve Açıkların Listesi - Türkçe

ßyMesMes

Sıradışı Moderatör
Telefon Numarası Onaylanmış Üye TC Kimlik Numarası Doğrulanmış Üye
Site Yetkilisi
Süper Moderatör
Paylaşımcı
Ticaret - 0%
0   0   0
Katılım
2 Ağu 2010
Mesajlar
16,656
Beğeniler
1,248
MmoLira
34
DevLira
0
#1

Turkmmo Resmi Serverı Elym2, 10. Yılına Özel 1-120 Farm Serverı 18 Ocak Cuma 7000+ Online İle Açıldı! HEMEN KAYIT OLMAK İÇİN TIKLAYIN



Merhaba TurkMMO.com okurları, gördüğüm kadarıyla insanlar hala bu oyunu oynamaktan zevk alıyor. Oyun hala ölmedi ve ben server kurmak istiyorum diyenler için size bu konuyu açıyorum.



İşte bu kütüphanede yer alan açıkların tam listesi:


  • 1. MC_NET_CLEAR exploit
  • Bu paket, mevcut olmayan bir MUID kullanarak sunucuyu kilitlemek için kullanılabilir.
  • 2. MC_NET_ECHO exploit
  • Bu paket, eş paket olarak yönlendirilirse, bir oyuncuya mesaj göndermek için kullanılabilir.
  • 3. MC_MATCH_LOGIN_FROM_DBAGENT_FAILED exploit
  • Geçerli bir MUID sağlanmışsa, bu oynatıcı bağlantısı kesilecektir.
  • 4. MC_PEER_BUFF_INFO exploit
  • Bu, yığın taşmasına neden olan büyük bir döngü oluşturacaktır. (server çöker)
  • 5. MC_MATCH_REGISTERAGENT exploit
  • IP parametresi hatalı biçimlendirilmişse MatchServer'ı çökertmek için kullanılabilir.
  • 6. MC_NET_BANPLAYER_FLOODING exploit
  • Exploit 3'ün aynısı
  • 7. MC_MATCH_DUELTOURNAMENT_REQUEST_JOINGAME exploit
  • Bir hacker herhangi bir oyuncuyu bir düello turnuvasına katılma izni verir.
  • 8. MC_MATCH_DUELTOURNAMENT_REQUEST_CANCELGAME exploit
  • Bir hacker'ın herhangi bir oyuncuyu ikili turnuvadan çıkarmasına izin verir.
  • 9. MC_MATCH_DUELTOURNAMENT_REQUEST_SIDERANKING_INFO exploit
  • Zararsız bir exploit.
  • 10. MC_MATCH_DUELTOURNAMENT_GAME_PLAYER_STATUS exploit
  • 7. ve 8. exploit'e benzer bir açık.
  • 11. MC_MATCH_CHANNEL_REQUEST_PLAYER_LIST exploit
  • Zararsız bir exploit.
  • 12. MC_MATCH_REQUEST_MY_SIMPLE_CHARINFO exploit
  • Bir hackerın herhangi bir karakterdeki karakter bilgilerini almasına izin verir.
  • 13. MC_NET_DISCONNECT exploit
  • Bu paket eş bir paket olarak yönlendirilirse, müzikçaların bağlantısı kesilir.
  • 14. MC_LOCAL_ECHO exploit
  • Exploit 2'nin aynısı.
  • 15. MC_MATCH_LOGIN exploit
  • Bir hacker, MD5 istemci karmasını hatalı biçimlendirerek MatchServer'ınızı çökmesine izin verir.
  • 16. ZGame exploit
  • Bir hacker'ın başka bir oyuncunun client'ine çarpmasına izin verir.
  • 17 - 27 SQL exploits
  • En kötüsü bu. Hacker tüm database'inize sızabilir.

Efsane:

  • High risk
  • Medium risk
  • Low risk

Uygun düzeltmeleri bulmak ve uygulamak için aşağı kaydırın.

1.

CSCommon > MServer.cpp

Bul:
PHP:
    case MC_NET_CLEAR:
       {
           MUID uid;
           if (pCommand->GetParameter(&uid, 0, MPT_UID)==false) break;
           OnNetClear(uid);
           return true;
       }
       break;
Değiştir:
PHP:
     case MC_NET_CLEAR:
       {
           if (pCommand->GetSenderUID() != MUID(0, 2)) {
               // Not sent by server
               break;
           }

           MUID uid;
           if (pCommand->GetParameter(&uid, 0, MPT_UID)==false) break;
           OnNetClear(uid);
           return true;
       }
       break;
2.

CSCommon > MClient.cpp

Bul:
PHP:
        case MC_NET_ECHO:
           if(pCommand->GetParameter(szMessage, 0, MPT_STR, sizeof(szMessage) )==false) break;
           OutputMessage(szMessage, MZMOM_LOCALREPLY);
           break;
Replace with:
PHP:
        case MC_NET_ECHO:
           //if(pCommand->GetParameter(szMessage, 0, MPT_STR, sizeof(szMessage) )==false) break;
           //OutputMessage(szMessage, MZMOM_LOCALREPLY);
           break;
3.

CSCommon > MMatchServer__OnCommand.cpp

Bul:
PHP:
        case MC_MATCH_LOGIN_FROM_DBAGENT_FAILED:
           {
               MUID CommUID;
               int nResult;

               if (pCommand->GetParameter(&CommUID,    0, MPT_UID)==false) break;
               if (pCommand->GetParameter(&nResult,    1, MPT_INT)==false) break;

               OnMatchLoginFailedFromDBAgent(CommUID, nResult);
           }
           break;
Replace with:
PHP:
        case MC_MATCH_LOGIN_FROM_DBAGENT_FAILED:
           {
               /*MUID CommUID;
               int nResult;

               if (pCommand->GetParameter(&CommUID,    0, MPT_UID)==false) break;
               if (pCommand->GetParameter(&nResult,    1, MPT_INT)==false) break;

               OnMatchLoginFailedFromDBAgent(CommUID, nResult);*/
           }
           break;
4.

Gunz > ZGame.cpp

Bul:
PHP:
void ZGame::OnPeerBuffInfo(const MUID& uidSender, void* pBlobBuffInfo)
{
   if (uidSender == ZGetMyUID()) return;

   ZCharacter* pSender = ZGetCharacterManager()->Find(uidSender);
   if (!pSender) return;
   if (!pBlobBuffInfo) return;

   MTD_BuffInfo* pBuffInfo = NULL;
   int numElem = MGetBlobArrayCount(pBlobBuffInfo);
   
   for (int i=0; i<numElem; ++i)
   {
       pBuffInfo = (MTD_BuffInfo*)MGetBlobArrayElement(pBlobBuffInfo, i);

       ApplyPotion(pBuffInfo->nItemId, pSender, (float)pBuffInfo->nRemainedTime);
   }
}
Replace with:
PHP:
void ZGame::OnPeerBuffInfo(const MUID& uidSender, void* pBlobBuffInfo)
{
   if (uidSender == ZGetMyUID()) return;

   ZCharacter* pSender = ZGetCharacterManager()->Find(uidSender);
   if (!pSender) return;
   if (!pBlobBuffInfo) return;

   MTD_BuffInfo* pBuffInfo = NULL;
   int numElem = MGetBlobArrayCount(pBlobBuffInfo);
   
   // patch
   if (MGetBlobArraySize(pBlobBuffInfo) != (8 + (sizeof(MTD_BuffInfo) * numElem))) {
       return;
   }
   
   for (int i=0; i<numElem; ++i)
   {
       pBuffInfo = (MTD_BuffInfo*)MGetBlobArrayElement(pBlobBuffInfo, i);

       ApplyPotion(pBuffInfo->nItemId, pSender, (float)pBuffInfo->nRemainedTime);
   }
}
5.

CSCommon > MMatchServer__OnCommand.cpp

Bul:
PHP:
        case MC_MATCH_REGISTERAGENT:
           {
               char szIP[128];
               int nTCPPort, nUDPPort;

               if (pCommand->GetParameter(&szIP, 0, MPT_STR, sizeof(szIP) ) == false) break;
               if (pCommand->GetParameter(&nTCPPort, 1, MPT_INT) == false) break;
               if (pCommand->GetParameter(&nUDPPort, 2, MPT_INT) == false) break;

               OnRegisterAgent(pCommand->GetSenderUID(), szIP, nTCPPort, nUDPPort);
           }
Replace with:
PHP:
        case MC_MATCH_REGISTERAGENT:
           {
               char szIP[128];
               int nTCPPort, nUDPPort;

               if (pCommand->GetParameter(&szIP, 0, MPT_STR, sizeof(szIP) ) == false) break;
               if (pCommand->GetParameter(&nTCPPort, 1, MPT_INT) == false) break;
               if (pCommand->GetParameter(&nUDPPort, 2, MPT_INT) == false) break;

               // Not the best way to patch, but working for now
               if (strstr(szIP, "%")) {
                   break;
               }
               
               OnRegisterAgent(pCommand->GetSenderUID(), szIP, nTCPPort, nUDPPort);
           }
6.

CSCommon > MMatchServer__OnCommand.cpp

Find:
PHP:
        case MC_NET_BANPLAYER_FLOODING :
           {
               MUID uidPlayer;
               
               pCommand->GetParameter(&uidPlayer, 0, MPT_UID);
               if (MGetServerConfig()->IsUseBlockFlooding())
               {
                   MMatchObject* pObj = GetObject( uidPlayer );
                   if( pObj && pObj->GetDisconnStatusInfo().GetStatus() == MMDS_CONNECTED)
                   {
                       if( pObj->GetAccountName() ) {
                           LOG(LOG_PROG,"Ban Player On Flooding - (MUID:%d%d, ID:%s)"
                               , uidPlayer.High, uidPlayer.Low, pObj->GetAccountName());
                       } else {
                           LOG(LOG_PROG,"Ban Player On Flooding - (MUID:%d%d, ID:%s)"
                               , uidPlayer.High, uidPlayer.Low);
                       }
                       
                       pObj->DisconnectHacker( MMHT_COMMAND_FLOODING );
                   }
                   else
                   {
                       LOG(LOG_PROG,"Ban Player On Flooding - Can't Find Object");
                   }
               }
           }
           break;
Replace with:
PHP:
        case MC_NET_BANPLAYER_FLOODING :
           {
               /*MUID uidPlayer;
               
               pCommand->GetParameter(&uidPlayer, 0, MPT_UID);
               if (MGetServerConfig()->IsUseBlockFlooding())
               {
                   MMatchObject* pObj = GetObject( uidPlayer );
                   if( pObj && pObj->GetDisconnStatusInfo().GetStatus() == MMDS_CONNECTED)
                   {
                       if( pObj->GetAccountName() ) {
                           LOG(LOG_PROG,"Ban Player On Flooding - (MUID:%d%d, ID:%s)"
                               , uidPlayer.High, uidPlayer.Low, pObj->GetAccountName());
                       } else {
                           LOG(LOG_PROG,"Ban Player On Flooding - (MUID:%d%d, ID:%s)"
                               , uidPlayer.High, uidPlayer.Low);
                       }
                       
                       pObj->DisconnectHacker( MMHT_COMMAND_FLOODING );
                   }
                   else
                   {
                       LOG(LOG_PROG,"Ban Player On Flooding - Can't Find Object");
                   }
               }*/
           }
           break;
7.

CSCommon > MMatchServer__OnCommand.cpp

Find:
PHP:
        case MC_MATCH_DUELTOURNAMENT_REQUEST_JOINGAME :
           {
               MUID uidPlayer;
               MDUELTOURNAMENTTYPE nType;

               pCommand->GetParameter(&uidPlayer, 0, MPT_UID);
               pCommand->GetParameter(&nType, 1, MPT_INT);

               if( MGetServerConfig()->IsEnabledDuelTournament() )    {
                   ResponseDuelTournamentJoinChallenge(uidPlayer, nType);
               }

           }
           break;
Replace with:
PHP:
        case MC_MATCH_DUELTOURNAMENT_REQUEST_JOINGAME :
           {
               //MUID uidPlayer;
               MDUELTOURNAMENTTYPE nType;

               //pCommand->GetParameter(&uidPlayer, 0, MPT_UID);
               pCommand->GetParameter(&nType, 1, MPT_INT);

               if( MGetServerConfig()->IsEnabledDuelTournament() )    {
                   ResponseDuelTournamentJoinChallenge(pCommand->GetSenderUID(), nType);
               }

           }
           break;
8.
CSCommon > MMatchServer__OnCommand.cpp

Find:
PHP:
        case MC_MATCH_DUELTOURNAMENT_REQUEST_CANCELGAME :
           {
               MUID uidPlayer;
               MDUELTOURNAMENTTYPE nType;

               pCommand->GetParameter(&uidPlayer, 0, MPT_UID);
               pCommand->GetParameter(&nType, 1, MPT_INT);

               if( MGetServerConfig()->IsEnabledDuelTournament() )    {
                   ResponseDuelTournamentCancelChallenge(uidPlayer, nType);
               }
           }
           break;
Replace with:
PHP:
        case MC_MATCH_DUELTOURNAMENT_REQUEST_CANCELGAME :
           {
               //MUID uidPlayer;
               MDUELTOURNAMENTTYPE nType;

               //pCommand->GetParameter(&uidPlayer, 0, MPT_UID);
               pCommand->GetParameter(&nType, 1, MPT_INT);

               if( MGetServerConfig()->IsEnabledDuelTournament() )    {
                   ResponseDuelTournamentCancelChallenge(pCommand->GetSenderUID(), nType);
               }
           }
           break;
9.
CSCommon > MMatchServer__OnCommand.cpp

Find:
PHP:
       case MC_MATCH_DUELTOURNAMENT_REQUEST_SIDERANKING_INFO :
           {
               MUID uidPlayer;

               pCommand->GetParameter(&uidPlayer, 0, MPT_UID);

               if( MGetServerConfig()->IsEnabledDuelTournament() ){
                   ResponseDuelTournamentCharSideRanking(uidPlayer);
               }
           }
           break;
Replace with:
PHP:
        case MC_MATCH_DUELTOURNAMENT_REQUEST_SIDERANKING_INFO :
           {
               //MUID uidPlayer;

               //pCommand->GetParameter(&uidPlayer, 0, MPT_UID);

               if( MGetServerConfig()->IsEnabledDuelTournament() ){
                   ResponseDuelTournamentCharSideRanking(pCommand->GetSenderUID());
               }
           }
           break;
10.
CSCommon > MMatchServer__OnCommand.cpp

Find:
PHP:
        case MC_MATCH_DUELTOURNAMENT_GAME_PLAYER_STATUS :
           {
               MUID uidPlayer;
               pCommand->GetParameter(&uidPlayer, 0, MPT_UID);

               if( MGetServerConfig()->IsEnabledDuelTournament() ){
                   ResponseDuelTournamentCharStatusInfo(uidPlayer, pCommand);
               }
           }
           break;
Replace with:
PHP:
        case MC_MATCH_DUELTOURNAMENT_GAME_PLAYER_STATUS :
           {
               //MUID uidPlayer;
               //pCommand->GetParameter(&uidPlayer, 0, MPT_UID);

               if( MGetServerConfig()->IsEnabledDuelTournament() ){
                   ResponseDuelTournamentCharStatusInfo(pCommand->GetSenderUID(), pCommand);
               }
           }
           break;
11.
CSCommon > MMatchServer__OnCommand.cpp

Find:
PHP:
        case MC_MATCH_CHANNEL_REQUEST_PLAYER_LIST:
           {
               MUID uidPlayer, uidChannel;
               int nPage;

               pCommand->GetParameter(&uidPlayer, 0, MPT_UID);
               pCommand->GetParameter(&uidChannel, 1, MPT_UID);
               pCommand->GetParameter(&nPage, 2, MPT_INT);

               OnChannelRequestPlayerList(uidPlayer, uidChannel, nPage);
           }
           break;
Replace with:
PHP:
        case MC_MATCH_CHANNEL_REQUEST_PLAYER_LIST:
           {
               MUID /*uidPlayer, */uidChannel;
               int nPage;

               //pCommand->GetParameter(&uidPlayer, 0, MPT_UID);
               pCommand->GetParameter(&uidChannel, 1, MPT_UID);
               pCommand->GetParameter(&nPage, 2, MPT_INT);

               OnChannelRequestPlayerList(pCommand->GetSenderUID(), uidChannel, nPage);
           }
           break;
12.
CSCommon > MMatchServer__OnCommand.cpp

Find:
PHP:
        case MC_MATCH_REQUEST_MY_SIMPLE_CHARINFO:
           {
               MUID uidPlayer;
               pCommand->GetParameter(&uidPlayer, 0, MPT_UID);
               OnRequestMySimpleCharInfo(uidPlayer);
           }
           break;
Replace with:
PHP:
        case MC_MATCH_REQUEST_MY_SIMPLE_CHARINFO:
           {
               //MUID uidPlayer;
               //pCommand->GetParameter(&uidPlayer, 0, MPT_UID);
               OnRequestMySimpleCharInfo(pCommand->GetSenderUID());
           }
           break;
13.
CSCommon > MClient.cpp

Find:
PHP:
case MC_NET_DISCONNECT:
           Disconnect(m_Server);
           break;
Replace with:
PHP:
        case MC_NET_DISCONNECT: 
       {
           if (pCommand->GetSenderUID() != GetUID()) {
               // Packet wasn't generated by our own client
               break;
           }

           Disconnect(m_Server);
           break; 
       }
14.
CSCommon > MClient.cpp

Find:
PHP:
        case MC_LOCAL_ECHO:
           if(pCommand->GetParameter(szMessage, 0, MPT_STR, sizeof(szMessage))==false) break;
           OutputMessage(szMessage, MZMOM_LOCALREPLY);
           break;
Replace with:
PHP:
        case MC_LOCAL_ECHO:
           //if(pCommand->GetParameter(szMessage, 0, MPT_STR, sizeof(szMessage))==false) break;
           //OutputMessage(szMessage, MZMOM_LOCALREPLY);
           break;
15.

CSCommon > MMatchServer__OnCommand.cpp

Find:
PHP:
        case MC_MATCH_LOGIN:
           {
               char szUserID[ MAX_USERID_STRING_LEN ];
               char szPassword[ MAX_USER_PASSWORD_STRING_LEN ];
               int nCommandVersion = 0;
               unsigned long nChecksumPack = 0;
               if (pCommand->GetParameter(szUserID, 0, MPT_STR, MAX_USERID_STRING_LEN )==false) break;
               if (pCommand->GetParameter(szPassword, 1, MPT_STR, MAX_USER_PASSWORD_STRING_LEN )==false) break;
               if (pCommand->GetParameter(&nCommandVersion, 2, MPT_INT)==false) break;
               if (pCommand->GetParameter(&nChecksumPack, 3, MPT_UINT)==false) break;
               MCommandParameter* pLoginParam = pCommand->GetParameter(4);
               if (pLoginParam->GetType() != MPT_BLOB) break;
               void *pLoginBlob = pLoginParam->GetPointer();
               if( NULL == pLoginBlob )
               {
                   // Hacker°¡ BlobÀÇ Å©±â¸¦ Á¶Á¤Çϸé MCommand¸¦ ¸¸µé¶§ Blobµ¥ÀÌÅÍ°¡ NULLÆ÷ÀÎÅ͸¦ °¡Áú¼ö ÀÖ´Ù.
                   break;
               }
               char *szEncryptMD5Value = (char *)MGetBlobArrayElement(pLoginBlob, 0);
               
               OnMatchLogin(pCommand->GetSenderUID(), szUserID, szPassword, nCommandVersion, nChecksumPack, szEncryptMD5Value);
           }
           break;
Replace with:
PHP:
        case MC_MATCH_LOGIN:
           {
               char szUserID[ MAX_USERID_STRING_LEN ];
               char szPassword[ MAX_USER_PASSWORD_STRING_LEN ];
               int nCommandVersion = 0;
               unsigned long nChecksumPack = 0;
               if (pCommand->GetParameter(szUserID, 0, MPT_STR, MAX_USERID_STRING_LEN )==false) break;
               if (pCommand->GetParameter(szPassword, 1, MPT_STR, MAX_USER_PASSWORD_STRING_LEN )==false) break;
               if (pCommand->GetParameter(&nCommandVersion, 2, MPT_INT)==false) break;
               if (pCommand->GetParameter(&nChecksumPack, 3, MPT_UINT)==false) break;
               MCommandParameter* pLoginParam = pCommand->GetParameter(4);
               if (pLoginParam->GetType() != MPT_BLOB) break;
               void *pLoginBlob = pLoginParam->GetPointer();
               if( NULL == pLoginBlob )
               {
                   // Hacker°¡ BlobÀÇ Å©±â¸¦ Á¶Á¤Çϸé MCommand¸¦ ¸¸µé¶§ Blobµ¥ÀÌÅÍ°¡ NULLÆ÷ÀÎÅ͸¦ °¡Áú¼ö ÀÖ´Ù.
                   break;
               }
               
               // Patch
               if (MGetBlobArraySize(pLoginBlob) != (8 + MAX_MD5LENGH)) {
                   break;
               }
               
               char *szEncryptMD5Value = (char *)MGetBlobArrayElement(pLoginBlob, 0);
               
               OnMatchLogin(pCommand->GetSenderUID(), szUserID, szPassword, nCommandVersion, nChecksumPack, szEncryptMD5Value);
           }
           break;
16.

Gunz > ZGame.cpp

Find:
PHP:
int ZGame::SelectSlashEffectMotion(ZCharacter* pCharacter)
{
   if(pCharacter==NULL) return SEM_None;
Replace with:
PHP:
int ZGame::SelectSlashEffectMotion(ZCharacter* pCharacter)
{
   if(pCharacter==NULL || pCharacter->GetSelectItemDesc() == NULL) return SEM_None;
17 - 27 are all located within CSCommon > MMatchCDMgr.cpp

17.

Find:
PHP:
strSQL.Format(g_szDB_GET_LOGININFO, szUserID);
Replace with:
PHP:
    string strUserID = m_DBFilter.Filtering( string(szUserID) );
   strSQL.Format(g_szDB_GET_LOGININFO, &strUserID[0]);
18.

Find:
PHP:
strSQL.Format(g_szDB_GET_LOGININFO_NETMARBLE2, szUserID, poutPassword);
Replace with:
PHP:
    string strUserID = m_DBFilter.Filtering( string(szUserID) );
   strSQL.Format(g_szDB_GET_LOGININFO_NETMARBLE2, &strUserID[0], poutPassword);
19.

Find:
PHP:
strSQL.Format(g_szDB_CREATE_ACCOUNT, szUserID, szPassword, nCert, szName, nAge, nSex);
Replace with:
PHP:
        string strUserID = m_DBFilter.Filtering( string(szUserID) );
       string strPassword = m_DBFilter.Filtering( string(szPassword) );
       string strName = m_DBFilter.Filtering( string(szName) );
       strSQL.Format(g_szDB_CREATE_ACCOUNT, &strUserID[0], &strPassword[0], nCert, &strName[0], nAge, nSex);
20.

Find:
PHP:
strSQL.Format(g_szDB_CREATE_ACCOUNT_NETMARBLE, szUserID, szPassword, nAge, nSex, nCCode);
Replace with:
PHP:
    string strUserID = m_DBFilter.Filtering( string(szUserID) );
   string strPassword = m_DBFilter.Filtering( string(szPassword) );    
   strSQL.Format(g_szDB_CREATE_ACCOUNT_NETMARBLE, &strUserID[0], &strPassword[0], nAge, nSex, nCCode);
21.

Find:
PHP:
strSQL.Format( g_szCheckDuplicateCharName, szNewName );
Replace with:
PHP:
        string strNewName = m_DBFilter.Filtering( string(szNewName) );
       strSQL.Format( g_szCheckDuplicateCharName, &strNewName[0] );
22.

Find:
PHP:
strSQL.Format(g_szDB_CREATE_CHAR, nAID, nCharIndex, szNewName,  nSex, nHair, nFace, nCostume);
PHP:
        string strNewName = m_DBFilter.Filtering( string(szNewName) );
       strSQL.Format(g_szDB_CREATE_CHAR, nAID, nCharIndex, &strNewName[0],  nSex, nHair, nFace, nCostume);
23.

Find:
PHP:
strSQL.Format(g_szDB_DELETE_CHAR, nAID, nCharIndex, szCharName);
Replace with:
PHP:
    string strCharName = m_DBFilter.Filtering( string(szCharName) );
   strSQL.Format(g_szDB_DELETE_CHAR, nAID, nCharIndex, &strCharName[0]);
24.

Find:
PHP:
strSQL.Format(g_szDB_UPDATE_LAST_CONNDATE, szIP, szUserID);
Replace with:
PHP:
        string strUserID = m_DBFilter.Filtering( string(szUserID) );
       strSQL.Format(g_szDB_UPDATE_LAST_CONNDATE, szIP, &strUserID[0]);
25.

Find:
PHP:
strSQL.Format(g_szDB_CREATE_CLAN, szClanName, nMasterCID, nMember1CID, nMember2CID, nMember3CID, nMember4CID);
Replace with:
PHP:
    string strClanName = m_DBFilter.Filtering( string(szClanName) );
   strSQL.Format(g_szDB_CREATE_CLAN, &strClanName[0], nMasterCID, nMember1CID, nMember2CID, nMember3CID, nMember4CID);
26.

Find:
PHP:
strSQL.Format(g_szDB_RESERVE_CLOSE_CLAN, nCLID, szClanName, nMasterCID, strDeleteDate.c_str() );
Replace with:
PHP:
        string strClanName = m_DBFilter.Filtering( string(szClanName) );
       strSQL.Format(g_szDB_RESERVE_CLOSE_CLAN, nCLID, &strClanName[0], nMasterCID, strDeleteDate.c_str() );
27.

Find:
PHP:
strSQL.Format(g_szDB_EXPEL_CLAN_MEMBER, nCLID, nAdminGrade, szMember);
Replace with:
PHP:
    string strMember = m_DBFilter.Filtering( string(szMember) );
   strSQL.Format(g_szDB_EXPEL_CLAN_MEMBER, nCLID, nAdminGrade, &strMember[0]);
 
Üst