From 32418426965f76a6bafb2dac4ac137ff9c566fe9 Mon Sep 17 00:00:00 2001
From: Inkfish <Inkfish@54d463be-8e91-2dee-dedb-b68131a5f0ec>
Date: Tue, 2 Mar 2010 09:50:32 +0000
Subject: Fixed an exploit where the buyer can end the auction himself.

git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@14255 54d463be-8e91-2dee-dedb-b68131a5f0ec
---
 src/char_sql/int_auction.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src')

diff --git a/src/char_sql/int_auction.c b/src/char_sql/int_auction.c
index 06d37aa0a..a51361789 100644
--- a/src/char_sql/int_auction.c
+++ b/src/char_sql/int_auction.c
@@ -378,6 +378,12 @@ static void mapif_parse_Auction_close(int fd)
 		return;
 	}
 
+	if( auction->seller_id != char_id )
+	{
+		mapif_Auction_close(fd, char_id, 1); // You cannot end the auction
+		return;
+	}
+
 	if( auction->buyer_id == 0 )
 	{
 		mapif_Auction_close(fd, char_id, 1); // You cannot end the auction
-- 
cgit v1.2.3-70-g09d2