Core/Loot: Fix Master Loot exploit

Fix Master Loot exploit allowing any online Player to receive loot.
author: jackpoz <giacomopoz@gmail.com> 2014-01-01 21:42:15 +0100
committer: jackpoz <giacomopoz@gmail.com> 2014-01-01 21:42:15 +0100
commit: 82181a8622f9a6981f9649b8ea99dd94d2184d11 (patch)
tree: ab2d7ce740b75a849282692dd5f60fc031e2646f /src/server/game/Handlers/LootHandler.cpp
parent: e773c9a6931f5fcfc0ffa48791000360b6a4aa88 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/server/game/Handlers/LootHandler.cpp b/src/server/game/Handlers/LootHandler.cpp
index 72b05b2d78c..4fd912298ec 100644
--- a/src/server/game/Handlers/LootHandler.cpp
+++ b/src/server/game/Handlers/LootHandler.cpp
@@ -419,6 +419,13 @@ void WorldSession::HandleLootMasterGiveOpcode(WorldPacket& recvData)
     if (_player->GetLootGUID() != lootguid)
         return;
 
+    if (!_player->IsInRaidWith(target) || !_player->IsInMap(target))
+    {
+        TC_LOG_INFO("loot", "MasterLootItem: Player %s tried to give an item to ineligible player %s !", GetPlayer()->GetName().c_str(), target->GetName().c_str());
+        return;
+    }
+
+
     Loot* loot = NULL;
 
     if (IS_CRE_OR_VEH_GUID(GetPlayer()->GetLootGUID()))
author	jackpoz <giacomopoz@gmail.com>	2014-01-01 21:42:15 +0100
committer	jackpoz <giacomopoz@gmail.com>	2014-01-01 21:42:15 +0100
commit	82181a8622f9a6981f9649b8ea99dd94d2184d11 (patch)
tree	ab2d7ce740b75a849282692dd5f60fc031e2646f /src/server/game/Handlers/LootHandler.cpp
parent	e773c9a6931f5fcfc0ffa48791000360b6a4aa88 (diff)