diff options
| author | jackpoz <giacomopoz@gmail.com> | 2014-06-28 18:23:10 +0200 |
|---|---|---|
| committer | jackpoz <giacomopoz@gmail.com> | 2014-06-28 18:23:10 +0200 |
| commit | e77c6fc98b705ecf3aed873d1f29b7434f2f48ca (patch) | |
| tree | d6d29440ab600bc74b8bded6efff3a0d57b09605 | |
| parent | 82df3f090bb80ce045520786549b6370dcdc5874 (diff) | |
Core/Mails: Fix exploit that allowed to take COD items without paying
| -rw-r--r-- | src/server/game/Handlers/MailHandler.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/server/game/Handlers/MailHandler.cpp b/src/server/game/Handlers/MailHandler.cpp index ba363ced39c..8ce2100acc7 100644 --- a/src/server/game/Handlers/MailHandler.cpp +++ b/src/server/game/Handlers/MailHandler.cpp @@ -469,6 +469,13 @@ void WorldSession::HandleMailTakeItem(WorldPacket& recvData) return; } + // verify that the mail has the item to avoid cheaters taking COD items without paying + if (std::find_if(m->items.begin(), m->items.end(), [itemId](MailItemInfo info){ return info.item_guid == itemId; }) == m->items.end()) + { + player->SendMailResult(mailId, MAIL_ITEM_TAKEN, MAIL_ERR_INTERNAL_ERROR); + return; + } + // prevent cheating with skip client money check if (!player->HasEnoughMoney(m->COD)) { |