Fixed an exploit where unauthorized GMs can give zeny through auction.

git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@14379 54d463be-8e91-2dee-dedb-b68131a5f0ec

2 files changed, 8 insertions, 0 deletions

diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt
index f60c56738..b4b9ae837 100644
--- a/Changelog-Trunk.txt
+++ b/Changelog-Trunk.txt
@@ -4,6 +4,8 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK.  ALL UNTESTED BUGFIXES/FEATURES GO
 IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
 
 2010/08/16
+	* Fixed an exploit where unauthorized GMs can give zeny through auction. [Inkfish]
+2010/08/16
 	* Rev. 14378 Attempting to tackle, and fix some simple errors in skills. [L0ne_W0lf]
 	- Stormgust hit counter no longer resets under new casts of stormgust.
 	- RG_STEALCOIN will now cause the monster to aggro player on success. (bugreport:3547)
diff --git a/src/map/clif.c b/src/map/clif.c
index fd2f61522..3f4b314df 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -12795,6 +12795,12 @@ void clif_parse_Auction_bid(int fd, struct map_session_data *sd)
 	unsigned int auction_id = RFIFOL(fd,2);
 	int bid = RFIFOL(fd,6);
 
+	if( !pc_can_give_items(pc_isGM(sd)) )
+	{ //They aren't supposed to give zeny [Inkfish]
+		clif_displaymessage(sd->fd, msg_txt(246));
+		return;
+	}
+
 	if( bid <= 0 )
 		clif_Auction_message(fd, 0); // You have failed to bid into the auction
 	else if( bid > sd->status.zeny )