From b4f4f8b9a1118777e1e18598bc3053dd45eec907 Mon Sep 17 00:00:00 2001
From: Gurkengewuerz <niklas@schuetrumpf.net>
Date: Thu, 16 Mar 2023 13:34:56 +0100
Subject: [PATCH] feat: escape more strings and remove non known characters

---
 assets/translation/SQLGenerator.py | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/assets/translation/SQLGenerator.py b/assets/translation/SQLGenerator.py
index 634f37b..51abd53 100644
--- a/assets/translation/SQLGenerator.py
+++ b/assets/translation/SQLGenerator.py
@@ -1,4 +1,23 @@
 import json
+import sys
+
+# this is dumb but easier than a mariadb python dependency
+def sqlescape(str):
+    return str.translate(
+    str.maketrans({
+        "\0": "\\0",
+        "\r": "\\r",
+        "\x08": "\\b",
+        "\x09": "\\t",
+        "\x1a": "\\z",
+        "\n": "\\n",
+        "\r": "\\r",
+        "\"": "",
+        "'": "",
+        "\\": "\\\\",
+        "%": "\\%"
+    }))
+
 
 todo_types = ["roomitemtypes", "wallitemtypes"]
 
@@ -11,6 +30,8 @@ with open("catalog_items.sql", "w", encoding='utf-8') as f:
         for furni in data[todo_type]["furnitype"]:
             furni_id = furni["id"]
             if furni["name"]:
-                furni_name = furni["name"].replace("'", "''").strip()[:55]
+                # get rid of any unwanted characters for sql and remove non latin-1 characters
+                # check the collation of the table
+                furni_name = sqlescape(furni["name"][:55]).encode("latin-1", "ignore").decode("utf-8")
                 f.write(f"UPDATE catalog_items SET catalog_name = '{furni_name}' WHERE item_ids = '{furni_id}';\n")
                 #f.write(f"UPDATE items_base SET public_name = '{furni_name}' WHERE id = '{furni_id}';\n")