Fixed an exploit where unauthorized GMs can give zeny through auction.

git-svn-id: https://svn.code.sf.net/p/rathena/svn/trunk@14379 54d463be-8e91-2dee-dedb-b68131a5f0ec

Changelog-Trunk.txt

@@ -3,6 +3,8 @@ Date	Added
 AS OF SVN REV. 5091, WE ARE NOW USING TRUNK.  ALL UNTESTED BUGFIXES/FEATURES GO INTO TRUNK.
 IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
 
+2010/08/16
+	* Fixed an exploit where unauthorized GMs can give zeny through auction. [Inkfish]
 2010/08/16
 	* Rev. 14378 Attempting to tackle, and fix some simple errors in skills. [L0ne_W0lf]
 	- Stormgust hit counter no longer resets under new casts of stormgust.

src/map/clif.c

@@ -12795,6 +12795,12 @@ void clif_parse_Auction_bid(int fd, struct map_session_data *sd)
 	unsigned int auction_id = RFIFOL(fd,2);
 	int bid = RFIFOL(fd,6);
 
+	if( !pc_can_give_items(pc_isGM(sd)) )
+	{ //They aren't supposed to give zeny [Inkfish]
+		clif_displaymessage(sd->fd, msg_txt(246));
+		return;
+	}
+
 	if( bid <= 0 )
 		clif_Auction_message(fd, 0); // You have failed to bid into the auction
 	else if( bid > sd->status.zeny )