added vender <-> buyer map & distance check

git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@9920 54d463be-8e91-2dee-dedb-b68131a5f0ec

2 files changed, 9 insertions, 0 deletions

diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt
index 680466855..fd02994aa 100644
--- a/Changelog-Trunk.txt
+++ b/Changelog-Trunk.txt
@@ -4,6 +4,8 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK.  ALL UNTESTED BUGFIXES/FEATURES GO
 IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
 
 2007/02/27
+	* Added map & distance check to vending to prevent WPE hacks. [Lupus]
+		E.g. buying items from WoE castle
 	* Fixed a compiler warning in char_sql\login.c
 	* Minor source documentation/cleanup. [FlavioJS]
 2007/02/26
diff --git a/src/map/vending.c b/src/map/vending.c
index bc3b1c73f..f5d46e25d 100644
--- a/src/map/vending.c
+++ b/src/map/vending.c
@@ -70,6 +70,13 @@ void vending_purchasereq(struct map_session_data *sd,int len,int id,unsigned cha
 		return;
 	if (vsd->vender_id == sd->bl.id)
 		return;
+	if (sd->bl.m != vsd->bl.m || !check_distance_bl(&sd->bl, &vsd->bl, TRADE_DISTANCE)
+	) {
+		clif_buyvending(sd, 0, 32767, 4); // too far [Lupus]
+		//probably... we should add either a hack log / or a proper message. But normal player won't see ie anyway
+		return;
+	}
+
 
 	// check number of buying items
 	if (len < 8 + 4 || len > 8 + 4 * MAX_VENDING) {