Mirroristas/rathena
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adds buy/sell safety check for Market Shops

Browse Source 
* Adds a buy and sell safety check from the Market Shop type.
* Also includes an item validation check when loading items from SQL for Market Shops.
Thanks to @mazvi!
This commit is contained in:
aleos 2023-06-02 15:41:49 -04:00
parent 2c61b336bc
commit 8073c3026a
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/map/npc.cpp
View File

@ -4124,7 +4124,7 @@ static const char* npc_parse_shop(char* w1, char* w2, char* w3, char* w4, const
ShowWarning("npc_parse_shop: Item %s [%u] is being sold for FREE in file '%s', line '%d'.\n",
id->name.c_str(), nameid2, filepath, strline(buffer,start-buffer));
}
if( type == NPCTYPE_SHOP && value*0.75 < id->value_sell*1.24 ) { // Exploit possible: you can buy and sell back with profit
if( (type == NPCTYPE_SHOP || type == NPCTYPE_MARKETSHOP) && value*0.75 < id->value_sell*1.24 ) { // Exploit possible: you can buy and sell back with profit
ShowWarning("npc_parse_shop: Item %s [%u] discounted buying price (%d->%d) is less than overcharged selling price (%d->%d) at file '%s', line '%d'.\n",
id->name.c_str(), nameid2, value, (int)(value*0.75), id->value_sell, (int)(id->value_sell*1.24), filepath, strline(buffer,start-buffer));
}
@ -4924,6 +4924,19 @@ static void npc_market_fromsql(void) {
Sql_GetData(mmysql_handle, 3, &data, NULL); list.qty = atoi(data);
Sql_GetData(mmysql_handle, 4, &data, NULL); list.flag = atoi(data);
std::shared_ptr<item_data> id = item_db.find(list.nameid);
if (id == nullptr) {
ShowWarning("npc_market_fromsql: Invalid sell item in table '%s' (id '%u').\n", market_table, list.nameid);
continue;
}
if (list.value * 0.75 < id->value_sell * 1.24) { // Exploit possible: you can buy and sell back with profit
ShowWarning("npc_market_fromsql: Item %s [%u] discounted buying price (%d->%d) is less than overcharged selling price (%d->%d) in table '%s'. Assigning to current sell value.\n",
id->name.c_str(), list.nameid, list.value, (int)(list.value * 0.75), id->value_sell, (int)(id->value_sell * 1.24), market_table);
list.value = id->value_sell;
}
RECREATE(market->list, struct npc_item_list, market->count+1);
market->list[market->count++] = list;
count++;