Core/Spells: Fix Shaman totem bar exploit that would allow the player to cast any spell when using Call of the Elements etc.

Original patch by 3kids

Closes #2356

1 files changed, 11 insertions, 2 deletions

diff --git a/src/server/game/Spells/SpellEffects.cpp b/src/server/game/Spells/SpellEffects.cpp
index 2e8f9960a63..d726e874f27 100755
--- a/src/server/game/Spells/SpellEffects.cpp
+++ b/src/server/game/Spells/SpellEffects.cpp
@@ -6967,14 +6967,23 @@ void Spell::EffectCastButtons(SpellEffIndex effIndex)
         if (!ab || ab->GetType() != ACTION_BUTTON_SPELL)
             continue;
 
+        //! Action button data is unverified when it's set so it can be "hacked" 
+        //! to contain invalid spells, so filter here.
         uint32 spell_id = ab->GetAction();
         if (!spell_id)
             continue;
 
-        if (p_caster->HasSpellCooldown(spell_id))
+        SpellInfo const *spellInfo = sSpellMgr->GetSpellInfo(spell_id);
+        if (!spellInfo)
             continue;
 
-        SpellInfo const *spellInfo = sSpellMgr->GetSpellInfo(spell_id);
+        if (!p_caster->HasSpell(spell_id) || p_caster->HasSpellCooldown(spell_id))
+            continue;
+
+        //! Valid totem spells only have the first TotemCategory field set, so only check this
+        if (spellInfo->TotemCategory[0] < TC_EARTH_TOTEM || spellInfo->TotemCategory[0] > TC_WATER_TOTEM)
+            continue;
+        
         uint32 cost = spellInfo->CalcPowerCost(m_caster, spellInfo->GetSchoolMask());
 
         if (m_caster->GetPower(POWER_MANA) < cost)