aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMachiavelli <machiavelli.trinity@gmail.com>2011-01-24 23:10:08 +0100
committerMachiavelli <machiavelli.trinity@gmail.com>2011-01-24 23:10:08 +0100
commit0ad2c90d2259316be875bd1a2e441b97e189df4c (patch)
tree41f7a1ac1981f60ca4baad0a143d874ee05b6906 /src
parentba204ae3a793653dea585acffb5a36f1bca37d56 (diff)
Core/Items: Fix money refund amount. Also fix a possible exploit possibility of redeeming both vendor sellprice and money refund price in one go.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/server/game/Entities/Player/Player.cpp8
-rwxr-xr-xsrc/server/game/Server/Protocol/Handlers/ItemHandler.cpp6
2 files changed, 11 insertions, 3 deletions
diff --git a/src/server/game/Entities/Player/Player.cpp b/src/server/game/Entities/Player/Player.cpp
index 3bf78aad49c..65698fa019b 100755
--- a/src/server/game/Entities/Player/Player.cpp
+++ b/src/server/game/Entities/Player/Player.cpp
@@ -24424,14 +24424,16 @@ void Player::RefundItem(Item *item)
data << uint32(iece->reqarenapoints); // arena point cost
for (uint8 i = 0; i < MAX_ITEM_EXTENDED_COST_REQUIREMENTS; ++i) // item cost data
{
- data << iece->reqitem[i];
- data << (iece->reqitemcount[i]);
+ data << uint32(iece->reqitem[i]);
+ data << uint32(iece->reqitemcount[i]);
}
GetSession()->SendPacket(&data);
// Delete any references to the refund data
item->SetNotRefundable(this);
+ uint32 moneyRefund = item->GetPaidMoney(); // item-> will be invalidated in DestroyItem
+
// Destroy item
DestroyItem(item->GetBagSlot(), item->GetSlot(), true);
@@ -24451,7 +24453,7 @@ void Player::RefundItem(Item *item)
}
// Grant back money
- if (uint32 moneyRefund = item->GetPaidMoney())
+ if (moneyRefund)
ModifyMoney(moneyRefund);
// Grant back Honor points
diff --git a/src/server/game/Server/Protocol/Handlers/ItemHandler.cpp b/src/server/game/Server/Protocol/Handlers/ItemHandler.cpp
index 5c33e5c3d56..514461b5dfd 100755
--- a/src/server/game/Server/Protocol/Handlers/ItemHandler.cpp
+++ b/src/server/game/Server/Protocol/Handlers/ItemHandler.cpp
@@ -529,6 +529,12 @@ void WorldSession::HandleSellItemOpcode(WorldPacket & recv_data)
return;
}
+ // prevent selling item for sellprice when the item is still refundable
+ // this probably happens when right clicking a refundable item, the client sends both
+ // CMSG_SELL_ITEM and CMSG_REFUND_ITEM (unverified)
+ if (pItem->HasFlag(ITEM_FIELD_FLAGS, ITEM_FLAG_REFUNDABLE))
+ return; // Therefore, no feedback to client
+
// special case at auto sell (sell all)
if (count == 0)
{