From db2593f41d75fb9b832f240313522d50d95f4618 Mon Sep 17 00:00:00 2001
From: jackpoz <giacomopoz@gmail.com>
Date: Mon, 12 May 2014 22:40:55 +0200
Subject: Core/Arena: Fix exploit in arena team

Fix exploit that allowed anyone to add a target Player to any arena team.
---
 src/server/game/Handlers/ArenaTeamHandler.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/server/game/Handlers/ArenaTeamHandler.cpp')

diff --git a/src/server/game/Handlers/ArenaTeamHandler.cpp b/src/server/game/Handlers/ArenaTeamHandler.cpp
index 632bd02def0..3bb3edac500 100644
--- a/src/server/game/Handlers/ArenaTeamHandler.cpp
+++ b/src/server/game/Handlers/ArenaTeamHandler.cpp
@@ -121,6 +121,12 @@ void WorldSession::HandleArenaTeamInviteOpcode(WorldPacket& recvData)
         return;
     }
 
+    if (GetPlayer()->GetArenaTeamId(arenaTeam->GetSlot()) != arenaTeamId)
+    {
+        SendArenaTeamCommandResult(ERR_ARENA_TEAM_CREATE_S, "", "", ERR_ARENA_TEAM_PERMISSIONS);
+        return;
+    }
+
     // OK result but don't send invite
     if (player->GetSocial()->HasIgnore(GetPlayer()->GetGUIDLow()))
         return;
-- 
cgit v1.2.3