From d227ed91c20f147686f9735bfab1455c5f8966fc Mon Sep 17 00:00:00 2001
From: Kitzunu <24550914+Kitzunu@users.noreply.github.com>
Date: Sat, 21 Sep 2024 23:30:58 +0200
Subject: [PATCH] =?UTF-8?q?fix(Scripts/Commands):=20Prevent=20crash=20if?=
 =?UTF-8?q?=20you=20use=20doublequotes=20in=20go=20cr=E2=80=A6=20(#20012)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

fix(Scripts/Commands): Prevent crash if you use doublequotes in go creature name

* closes https://github.com/azerothcore/azerothcore-wotlk/issues/20010
---
 src/server/scripts/Commands/cs_go.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/server/scripts/Commands/cs_go.cpp b/src/server/scripts/Commands/cs_go.cpp
index 4169428fe..b533d14d5 100644
--- a/src/server/scripts/Commands/cs_go.cpp
+++ b/src/server/scripts/Commands/cs_go.cpp
@@ -123,7 +123,14 @@ public:
         if (!name.data())
             return false;
 
-        QueryResult result = WorldDatabase.Query("SELECT entry FROM creature_template WHERE name = \"{}\" LIMIT 1" , name.data());
+        // Make sure we don't pass double quotes into the SQL query. Otherwise it causes a MySQL error
+        std::string str = name.data(); // Making subtractions to the last character does not with in string_view
+        if (str.front() == '"')
+            str = str.substr(1);
+        if (str.back() == '"')
+            str = str.substr(0, str.size() - 1);
+
+        QueryResult result = WorldDatabase.Query("SELECT entry FROM creature_template WHERE name = \"{}\" LIMIT 1", str);
         if (!result)
         {
             handler->SendErrorMessage(LANG_COMMAND_GOCREATNOTFOUND);