Core/Mails: Fix exploit that allowed to take COD items without paying

author: jackpoz <giacomopoz@gmail.com> 2014-06-28 18:23:10 +0200
committer: jackpoz <giacomopoz@gmail.com> 2014-06-28 18:23:10 +0200
commit: e77c6fc98b705ecf3aed873d1f29b7434f2f48ca (patch)
tree: d6d29440ab600bc74b8bded6efff3a0d57b09605 /src
parent: 82df3f090bb80ce045520786549b6370dcdc5874 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/server/game/Handlers/MailHandler.cpp b/src/server/game/Handlers/MailHandler.cpp
index ba363ced39c..8ce2100acc7 100644
--- a/src/server/game/Handlers/MailHandler.cpp
+++ b/src/server/game/Handlers/MailHandler.cpp
@@ -469,6 +469,13 @@ void WorldSession::HandleMailTakeItem(WorldPacket& recvData)
         return;
     }
 
+    // verify that the mail has the item to avoid cheaters taking COD items without paying
+    if (std::find_if(m->items.begin(), m->items.end(), [itemId](MailItemInfo info){ return info.item_guid == itemId; }) == m->items.end())
+    {
+        player->SendMailResult(mailId, MAIL_ITEM_TAKEN, MAIL_ERR_INTERNAL_ERROR);
+        return;
+    }
+
     // prevent cheating with skip client money check
     if (!player->HasEnoughMoney(m->COD))
     {
author	jackpoz <giacomopoz@gmail.com>	2014-06-28 18:23:10 +0200
committer	jackpoz <giacomopoz@gmail.com>	2014-06-28 18:23:10 +0200
commit	e77c6fc98b705ecf3aed873d1f29b7434f2f48ca (patch)
tree	d6d29440ab600bc74b8bded6efff3a0d57b09605 /src
parent	82df3f090bb80ce045520786549b6370dcdc5874 (diff)