diff options
author | Inkfish <Inkfish@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2010-03-02 09:50:32 +0000 |
---|---|---|
committer | Inkfish <Inkfish@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2010-03-02 09:50:32 +0000 |
commit | 32418426965f76a6bafb2dac4ac137ff9c566fe9 (patch) | |
tree | ea8b84b2b48b224dd9566205940ac7b31c998863 /src/char_sql | |
parent | 60092f3238efb611253cdbd3c1a047b108c24739 (diff) | |
download | hercules-32418426965f76a6bafb2dac4ac137ff9c566fe9.tar.gz hercules-32418426965f76a6bafb2dac4ac137ff9c566fe9.tar.bz2 hercules-32418426965f76a6bafb2dac4ac137ff9c566fe9.tar.xz hercules-32418426965f76a6bafb2dac4ac137ff9c566fe9.zip |
Fixed an exploit where the buyer can end the auction himself.
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@14255 54d463be-8e91-2dee-dedb-b68131a5f0ec
Diffstat (limited to 'src/char_sql')
-rw-r--r-- | src/char_sql/int_auction.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/char_sql/int_auction.c b/src/char_sql/int_auction.c index 06d37aa0a..a51361789 100644 --- a/src/char_sql/int_auction.c +++ b/src/char_sql/int_auction.c @@ -378,6 +378,12 @@ static void mapif_parse_Auction_close(int fd) return; } + if( auction->seller_id != char_id ) + { + mapif_Auction_close(fd, char_id, 1); // You cannot end the auction + return; + } + if( auction->buyer_id == 0 ) { mapif_Auction_close(fd, char_id, 1); // You cannot end the auction |