Mirroristas/rathena
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Fixed party exploit which allowed players to confirm the online status of another player. (bugreport:4863)

Browse Source 
git-svn-id: https://svn.code.sf.net/p/rathena/svn/trunk@15763 54d463be-8e91-2dee-dedb-b68131a5f0ec
This commit is contained in:
epoque11 2012-03-22 12:17:17 +00:00
parent f8ddb21f74
commit 34336478b5
1 changed files with 20 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
src/map/party.c
View File

@ -337,23 +337,34 @@ int party_invite(struct map_session_data *sd,struct map_session_data *tsd)
int i,flag=0;
nullpo_ret(sd);
if( ( p = party_search(sd->status.party_id) ) == NULL )
return 0;
if( tsd == NULL) {
clif_party_inviteack(sd, "", 7);
// confirm if this player is a party leader
ARR_FIND(0, MAX_PARTY, i, p->data[i].sd == sd);
if( i == MAX_PARTY || !p->party.member[i].leader ) {
clif_displaymessage(sd->fd, msg_txt(282));
return 0;
}
// confirm if there is an open slot in the party
ARR_FIND(0, MAX_PARTY, i, p->party.member[i].account_id == 0);
if( i == MAX_PARTY ) {
clif_party_inviteack(sd, (tsd?tsd->status.name:""), 3);
return 0;
}
if (!pc_has_permission(sd, PC_PERM_PARTY) || !pc_has_permission(tsd, PC_PERM_PARTY)) {
// confirm whether the account has the ability to invite before checking the player
if( !pc_has_permission(sd, PC_PERM_PARTY) || !pc_has_permission(tsd, PC_PERM_PARTY) ) {
clif_displaymessage(sd->fd, msg_txt(81)); // "Your GM level doesn't authorize you to preform this action on the specified player."
return 0;
}
//Only leader can invite.
ARR_FIND(0, MAX_PARTY, i, p->data[i].sd == sd);
if (i == MAX_PARTY || !p->party.member[i].leader)
{ //TODO: Find the correct reply packet.
clif_displaymessage(sd->fd, msg_txt(282));
if( tsd == NULL) {
clif_party_inviteack(sd, "", 7);
return 0;
}
@ -374,22 +385,6 @@ int party_invite(struct map_session_data *sd,struct map_session_data *tsd)
clif_party_inviteack(sd,tsd->status.name,0);
return 0;
}
for(i=0;i<MAX_PARTY;i++){
if(p->party.member[i].account_id == 0) //Room for a new member.
flag = 1;
/* By default Aegis BLOCKS more than one char from the same account on a party.
* But eA does support it... so this check is left commented.
if(p->party.member[i].account_id==tsd->status.account_id)
{
clif_party_inviteack(sd,tsd->status.name,4);
return 0;
}
*/
}
if (!flag) { //Full party.
clif_party_inviteack(sd,tsd->status.name,3);
return 0;
}
tsd->party_invite=sd->status.party_id;
tsd->party_invite_account=sd->status.account_id;