# Lilia framework discussion
It is funny how I've found a possible SQL injection in one minute of browsing code:
https://github.com/Lilia-Framework/Lilia/blob/main/lilia/libraries/inventory/server.lua#L86
```lua
function lia.inventory.deleteByID(id)
    lia.db.delete(DATA_TABLE, "_invID = " .. id)
    lia.db.delete(INV_TABLE, "_invID = " .. id)
    lia.db.delete(ITEMS_TABLE, "_invID = " .. id)
    local instance = lia.inventory.instances[id]
    if instance then instance:destroy() end
end
```
insane wtf
it looked like a pretty good codebase from the minimal skimming I did. (I'm basing this purely off the fact that they were using promises properly in parts, shocking how few gamemodes do this)
the file structure is mad though. literally a billion directories each containing a million subdirectories with each containing 1-3 files usually
in their defence it looks like it's only called by server in cases where the ID is a known value
still bad though ofc