fix(Core/Database): prevent crash due to special chars in branch name (#20776)

add prepared statements to escape special characters in branch name

src/server/apps/worldserver/Main.cpp

@@ -467,7 +467,10 @@ bool StartDB()
     ClearOnlineAccounts();
 
     ///- Insert version info into DB
-    WorldDatabase.Execute("UPDATE version SET core_version = '{}', core_revision = '{}'", GitRevision::GetFullVersion(), GitRevision::GetHash());        // One-time query
+    WorldDatabasePreparedStatement* stmt = WorldDatabase.GetPreparedStatement(WORLD_UPD_VERSION);
+    stmt->SetData(0, GitRevision::GetFullVersion());
+    stmt->SetData(1, GitRevision::GetHash());
+    WorldDatabase.Execute(stmt);
 
     sWorld->LoadDBVersion();
 

src/server/database/Database/Implementation/LoginDatabase.cpp

@@ -139,6 +139,8 @@ void LoginDatabaseConnection::DoPrepareStatements()
 
     PrepareStatement(LOGIN_SEL_ACCOUNT_TOTP_SECRET, "SELECT totp_secret FROM account WHERE id = ?", CONNECTION_SYNCH);
     PrepareStatement(LOGIN_UPD_ACCOUNT_TOTP_SECRET, "UPDATE account SET totp_secret = ? WHERE id = ?", CONNECTION_ASYNC);
+
+    PrepareStatement(LOGIN_INS_UPTIME, "INSERT INTO uptime (realmid, starttime, uptime, revision) VALUES (?, ?, 0, ?)", CONNECTION_ASYNC);
 }
 
 LoginDatabaseConnection::LoginDatabaseConnection(MySQLConnectionInfo& connInfo) : MySQLConnection(connInfo)

src/server/database/Database/Implementation/LoginDatabase.h

@@ -119,6 +119,8 @@ enum LoginDatabaseStatements : uint32
     LOGIN_SEL_ACCOUNT_TOTP_SECRET,
     LOGIN_UPD_ACCOUNT_TOTP_SECRET,
 
+    LOGIN_INS_UPTIME,
+
     MAX_LOGINDATABASE_STATEMENTS
 };
 

src/server/database/Database/Implementation/WorldDatabase.cpp

@@ -95,6 +95,7 @@ void WorldDatabaseConnection::DoPrepareStatements()
     PrepareStatement(WORLD_INS_GAMEOBJECT_ADDON, "INSERT INTO gameobject_addon (guid, invisibilityType, invisibilityValue) VALUES (?, 0, 0)", CONNECTION_ASYNC);
     // 0: uint8
     PrepareStatement(WORLD_SEL_REQ_XP, "SELECT Experience FROM player_xp_for_level WHERE Level = ?", CONNECTION_SYNCH);
+    PrepareStatement(WORLD_UPD_VERSION, "UPDATE version SET core_version = ?, core_revision = ?", CONNECTION_ASYNC);
 }
 
 WorldDatabaseConnection::WorldDatabaseConnection(MySQLConnectionInfo& connInfo) : MySQLConnection(connInfo)

src/server/database/Database/Implementation/WorldDatabase.h

@@ -100,6 +100,7 @@ enum WorldDatabaseStatements : uint32
     WORLD_UPD_GAMEOBJECT_ZONE_AREA_DATA,
     WORLD_SEL_REQ_XP,
     WORLD_INS_GAMEOBJECT_ADDON,
+    WORLD_UPD_VERSION,
 
     MAX_WORLDDATABASE_STATEMENTS
 };

src/server/game/World/World.cpp

@@ -2059,8 +2059,11 @@ void World::SetInitialWorldSettings()
     LOG_INFO("server.loading", "Initialize Game Time and Timers");
     LOG_INFO("server.loading", " ");
 
-    LoginDatabase.Execute("INSERT INTO uptime (realmid, starttime, uptime, revision) VALUES ({}, {}, 0, '{}')",
-                           realm.Id.Realm, uint32(GameTime::GetStartTime().count()), GitRevision::GetFullVersion());       // One-time query
+    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_UPTIME);
+    stmt->SetData(0, realm.Id.Realm);
+    stmt->SetData(1, uint32(GameTime::GetStartTime().count()));
+    stmt->SetData(2, GitRevision::GetFullVersion());
+    LoginDatabase.Execute(stmt);
 
     _timers[WUPDATE_WEATHERS].SetInterval(1 * IN_MILLISECONDS);
     _timers[WUPDATE_AUCTIONS].SetInterval(MINUTE * IN_MILLISECONDS);