summaryrefslogtreecommitdiff
path: root/src/char_sql
diff options
context:
space:
mode:
authorInkfish <Inkfish@54d463be-8e91-2dee-dedb-b68131a5f0ec>2010-03-02 09:50:32 +0000
committerInkfish <Inkfish@54d463be-8e91-2dee-dedb-b68131a5f0ec>2010-03-02 09:50:32 +0000
commit32418426965f76a6bafb2dac4ac137ff9c566fe9 (patch)
treeea8b84b2b48b224dd9566205940ac7b31c998863 /src/char_sql
parent60092f3238efb611253cdbd3c1a047b108c24739 (diff)
downloadhercules-32418426965f76a6bafb2dac4ac137ff9c566fe9.tar.gz
hercules-32418426965f76a6bafb2dac4ac137ff9c566fe9.tar.bz2
hercules-32418426965f76a6bafb2dac4ac137ff9c566fe9.tar.xz
hercules-32418426965f76a6bafb2dac4ac137ff9c566fe9.zip
Fixed an exploit where the buyer can end the auction himself.
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@14255 54d463be-8e91-2dee-dedb-b68131a5f0ec
Diffstat (limited to 'src/char_sql')
-rw-r--r--src/char_sql/int_auction.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/char_sql/int_auction.c b/src/char_sql/int_auction.c
index 06d37aa0a..a51361789 100644
--- a/src/char_sql/int_auction.c
+++ b/src/char_sql/int_auction.c
@@ -378,6 +378,12 @@ static void mapif_parse_Auction_close(int fd)
return;
}
+ if( auction->seller_id != char_id )
+ {
+ mapif_Auction_close(fd, char_id, 1); // You cannot end the auction
+ return;
+ }
+
if( auction->buyer_id == 0 )
{
mapif_Auction_close(fd, char_id, 1); // You cannot end the auction