diff options
| -rw-r--r-- | Changelog-Trunk.txt | 2 | ||||
| -rw-r--r-- | src/map/vending.c | 7 |
2 files changed, 9 insertions, 0 deletions
diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt index 680466855..fd02994aa 100644 --- a/Changelog-Trunk.txt +++ b/Changelog-Trunk.txt @@ -4,6 +4,8 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK. ALL UNTESTED BUGFIXES/FEATURES GO IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK. 2007/02/27 + * Added map & distance check to vending to prevent WPE hacks. [Lupus] + E.g. buying items from WoE castle * Fixed a compiler warning in char_sql\login.c * Minor source documentation/cleanup. [FlavioJS] 2007/02/26 diff --git a/src/map/vending.c b/src/map/vending.c index bc3b1c73f..f5d46e25d 100644 --- a/src/map/vending.c +++ b/src/map/vending.c @@ -70,6 +70,13 @@ void vending_purchasereq(struct map_session_data *sd,int len,int id,unsigned cha return; if (vsd->vender_id == sd->bl.id) return; + if (sd->bl.m != vsd->bl.m || !check_distance_bl(&sd->bl, &vsd->bl, TRADE_DISTANCE) + ) { + clif_buyvending(sd, 0, 32767, 4); // too far [Lupus] + //probably... we should add either a hack log / or a proper message. But normal player won't see ie anyway + return; + } + // check number of buying items if (len < 8 + 4 || len > 8 + 4 * MAX_VENDING) { |