diff options
author | epoque11 <epoque11@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2012-03-22 12:17:17 +0000 |
---|---|---|
committer | epoque11 <epoque11@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2012-03-22 12:17:17 +0000 |
commit | 8330a9a9d57477484b456244616a923838593e7f (patch) | |
tree | 1c6b935fa561ce9ef0db2c718fcac7acb40db469 | |
parent | 5fb385aef1e83cef546ea69b1b06feb00b8e5a73 (diff) | |
download | hercules-8330a9a9d57477484b456244616a923838593e7f.tar.gz hercules-8330a9a9d57477484b456244616a923838593e7f.tar.bz2 hercules-8330a9a9d57477484b456244616a923838593e7f.tar.xz hercules-8330a9a9d57477484b456244616a923838593e7f.zip |
- Fixed party exploit which allowed players to confirm the online status of another player. (bugreport:4863)
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@15763 54d463be-8e91-2dee-dedb-b68131a5f0ec
-rw-r--r-- | src/map/party.c | 45 |
1 files changed, 20 insertions, 25 deletions
diff --git a/src/map/party.c b/src/map/party.c index 52be4e807..4cec238b8 100644 --- a/src/map/party.c +++ b/src/map/party.c @@ -337,23 +337,34 @@ int party_invite(struct map_session_data *sd,struct map_session_data *tsd) int i,flag=0; nullpo_ret(sd); + if( ( p = party_search(sd->status.party_id) ) == NULL ) return 0; - if( tsd == NULL) { - clif_party_inviteack(sd, "", 7); + + // confirm if this player is a party leader + ARR_FIND(0, MAX_PARTY, i, p->data[i].sd == sd); + + if( i == MAX_PARTY || !p->party.member[i].leader ) { + clif_displaymessage(sd->fd, msg_txt(282)); + return 0; + } + + // confirm if there is an open slot in the party + ARR_FIND(0, MAX_PARTY, i, p->party.member[i].account_id == 0); + + if( i == MAX_PARTY ) { + clif_party_inviteack(sd, (tsd?tsd->status.name:""), 3); return 0; } - if (!pc_has_permission(sd, PC_PERM_PARTY) || !pc_has_permission(tsd, PC_PERM_PARTY)) { + // confirm whether the account has the ability to invite before checking the player + if( !pc_has_permission(sd, PC_PERM_PARTY) || !pc_has_permission(tsd, PC_PERM_PARTY) ) { clif_displaymessage(sd->fd, msg_txt(81)); // "Your GM level doesn't authorize you to preform this action on the specified player." return 0; } - - //Only leader can invite. - ARR_FIND(0, MAX_PARTY, i, p->data[i].sd == sd); - if (i == MAX_PARTY || !p->party.member[i].leader) - { //TODO: Find the correct reply packet. - clif_displaymessage(sd->fd, msg_txt(282)); + + if( tsd == NULL) { + clif_party_inviteack(sd, "", 7); return 0; } @@ -374,22 +385,6 @@ int party_invite(struct map_session_data *sd,struct map_session_data *tsd) clif_party_inviteack(sd,tsd->status.name,0); return 0; } - for(i=0;i<MAX_PARTY;i++){ - if(p->party.member[i].account_id == 0) //Room for a new member. - flag = 1; - /* By default Aegis BLOCKS more than one char from the same account on a party. - * But eA does support it... so this check is left commented. - if(p->party.member[i].account_id==tsd->status.account_id) - { - clif_party_inviteack(sd,tsd->status.name,4); - return 0; - } - */ - } - if (!flag) { //Full party. - clif_party_inviteack(sd,tsd->status.name,3); - return 0; - } tsd->party_invite=sd->status.party_id; tsd->party_invite_account=sd->status.account_id; |