summaryrefslogtreecommitdiff
path: root/src/map
diff options
context:
space:
mode:
authorepoque11 <epoque11@54d463be-8e91-2dee-dedb-b68131a5f0ec>2012-03-22 12:17:17 +0000
committerepoque11 <epoque11@54d463be-8e91-2dee-dedb-b68131a5f0ec>2012-03-22 12:17:17 +0000
commit8330a9a9d57477484b456244616a923838593e7f (patch)
tree1c6b935fa561ce9ef0db2c718fcac7acb40db469 /src/map
parent5fb385aef1e83cef546ea69b1b06feb00b8e5a73 (diff)
downloadhercules-8330a9a9d57477484b456244616a923838593e7f.tar.gz
hercules-8330a9a9d57477484b456244616a923838593e7f.tar.bz2
hercules-8330a9a9d57477484b456244616a923838593e7f.tar.xz
hercules-8330a9a9d57477484b456244616a923838593e7f.zip
- Fixed party exploit which allowed players to confirm the online status of another player. (bugreport:4863)
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@15763 54d463be-8e91-2dee-dedb-b68131a5f0ec
Diffstat (limited to 'src/map')
-rw-r--r--src/map/party.c45
1 files changed, 20 insertions, 25 deletions
diff --git a/src/map/party.c b/src/map/party.c
index 52be4e807..4cec238b8 100644
--- a/src/map/party.c
+++ b/src/map/party.c
@@ -337,23 +337,34 @@ int party_invite(struct map_session_data *sd,struct map_session_data *tsd)
int i,flag=0;
nullpo_ret(sd);
+
if( ( p = party_search(sd->status.party_id) ) == NULL )
return 0;
- if( tsd == NULL) {
- clif_party_inviteack(sd, "", 7);
+
+ // confirm if this player is a party leader
+ ARR_FIND(0, MAX_PARTY, i, p->data[i].sd == sd);
+
+ if( i == MAX_PARTY || !p->party.member[i].leader ) {
+ clif_displaymessage(sd->fd, msg_txt(282));
+ return 0;
+ }
+
+ // confirm if there is an open slot in the party
+ ARR_FIND(0, MAX_PARTY, i, p->party.member[i].account_id == 0);
+
+ if( i == MAX_PARTY ) {
+ clif_party_inviteack(sd, (tsd?tsd->status.name:""), 3);
return 0;
}
- if (!pc_has_permission(sd, PC_PERM_PARTY) || !pc_has_permission(tsd, PC_PERM_PARTY)) {
+ // confirm whether the account has the ability to invite before checking the player
+ if( !pc_has_permission(sd, PC_PERM_PARTY) || !pc_has_permission(tsd, PC_PERM_PARTY) ) {
clif_displaymessage(sd->fd, msg_txt(81)); // "Your GM level doesn't authorize you to preform this action on the specified player."
return 0;
}
-
- //Only leader can invite.
- ARR_FIND(0, MAX_PARTY, i, p->data[i].sd == sd);
- if (i == MAX_PARTY || !p->party.member[i].leader)
- { //TODO: Find the correct reply packet.
- clif_displaymessage(sd->fd, msg_txt(282));
+
+ if( tsd == NULL) {
+ clif_party_inviteack(sd, "", 7);
return 0;
}
@@ -374,22 +385,6 @@ int party_invite(struct map_session_data *sd,struct map_session_data *tsd)
clif_party_inviteack(sd,tsd->status.name,0);
return 0;
}
- for(i=0;i<MAX_PARTY;i++){
- if(p->party.member[i].account_id == 0) //Room for a new member.
- flag = 1;
- /* By default Aegis BLOCKS more than one char from the same account on a party.
- * But eA does support it... so this check is left commented.
- if(p->party.member[i].account_id==tsd->status.account_id)
- {
- clif_party_inviteack(sd,tsd->status.name,4);
- return 0;
- }
- */
- }
- if (!flag) { //Full party.
- clif_party_inviteack(sd,tsd->status.name,3);
- return 0;
- }
tsd->party_invite=sd->status.party_id;
tsd->party_invite_account=sd->status.account_id;