From 4737bcb86691e65380dbd7480214085d3da7dc8f Mon Sep 17 00:00:00 2001 From: Ovahlord Date: Fri, 30 Aug 2019 13:35:17 +0200 Subject: [PATCH] Core/LFG: validate player roles on lfg join to avoid cheating players to join with roles that they should not be able to join --- src/server/game/DungeonFinding/LFGMgr.cpp | 16 ++++++++++++++++ src/server/game/DungeonFinding/LFGMgr.h | 4 ++++ src/server/game/Handlers/LFGHandler.cpp | 5 +++++ 3 files changed, 25 insertions(+) diff --git a/src/server/game/DungeonFinding/LFGMgr.cpp b/src/server/game/DungeonFinding/LFGMgr.cpp index 180d3f2e3ac..b7c1b98c918 100644 --- a/src/server/game/DungeonFinding/LFGMgr.cpp +++ b/src/server/game/DungeonFinding/LFGMgr.cpp @@ -484,6 +484,8 @@ void LFGMgr::JoinLfg(Player* player, uint8 roles, LfgDungeonSet& dungeons, const joinData.result = LFG_JOIN_NOT_MEET_REQS; else if (player->HasAura(9454)) // check Freeze debuff joinData.result = LFG_JOIN_NOT_MEET_REQS; + else if (!CanPerformSelectedRoles(player->getClass(), roles)) + joinData.result = LFG_JOIN_INTERNAL_ERROR; else if (grp) { if (grp->GetMembersCount() > MAXGROUPSIZE) @@ -2282,4 +2284,18 @@ uint32 LFGMgr::GetShortageRoleMask(uint32 dungeonId) return ShortageRoleMaskStore[dungeonId]; } +bool LFGMgr::CanPerformSelectedRoles(uint8 playerClass, uint8 roles) const +{ + // Role Validation + if (roles & lfg::PLAYER_ROLE_TANK && (playerClass != CLASS_DEATH_KNIGHT && playerClass != CLASS_DRUID + && playerClass != CLASS_PALADIN && playerClass != CLASS_WARRIOR)) + return false; + + if (roles & lfg::PLAYER_ROLE_HEALER && (playerClass != CLASS_PALADIN && playerClass != CLASS_DRUID + && playerClass != CLASS_PRIEST && playerClass != CLASS_SHAMAN)) + return false; + + return true; +} + } // namespace lfg diff --git a/src/server/game/DungeonFinding/LFGMgr.h b/src/server/game/DungeonFinding/LFGMgr.h index 90d174291cc..22265fe88a5 100644 --- a/src/server/game/DungeonFinding/LFGMgr.h +++ b/src/server/game/DungeonFinding/LFGMgr.h @@ -454,6 +454,10 @@ class TC_GAME_API LFGMgr /// Returns the stored role mask for the shortage system indexed by random dungeon id uint32 GetShortageRoleMask(uint32 dungeonId); + // WPE Protection + /// Checks if the player's class is allowed to perform his selected roles + bool CanPerformSelectedRoles(uint8 playerClass, uint8 roles) const; + private: uint8 GetTeam(ObjectGuid guid); void RestoreState(ObjectGuid guid, char const* debugMsg); diff --git a/src/server/game/Handlers/LFGHandler.cpp b/src/server/game/Handlers/LFGHandler.cpp index e903c0a0f0d..a9b134bbcac 100644 --- a/src/server/game/Handlers/LFGHandler.cpp +++ b/src/server/game/Handlers/LFGHandler.cpp @@ -85,6 +85,11 @@ void WorldSession::HandleLfgSetRolesOpcode(WorldPackets::LFG::LFGSetRoles& lfgSe ObjectGuid gguid = group->GetGUID(); TC_LOG_DEBUG("lfg", "CMSG_LFG_SET_ROLES: Group %s, Player %s, Roles: %u", gguid.ToString().c_str(), GetPlayerInfo().c_str(), lfgSetRoles.RolesDesired); + + // Role validation + if (!sLFGMgr->CanPerformSelectedRoles(GetPlayer()->getClass(), lfgSetRoles.RolesDesired)) + lfgSetRoles.RolesDesired = 0; + sLFGMgr->UpdateRoleCheck(gguid, guid, lfgSetRoles.RolesDesired); }