From 20004050bcd9396f504e3e33138b734d96de5238 Mon Sep 17 00:00:00 2001 From: Vincent_Michael Date: Wed, 1 Jan 2014 00:07:53 +0100 Subject: Update copyright note for 2014. Happy new year. --- src/server/game/Handlers/LootHandler.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/server/game/Handlers/LootHandler.cpp') diff --git a/src/server/game/Handlers/LootHandler.cpp b/src/server/game/Handlers/LootHandler.cpp index 94578b83c20..72b05b2d78c 100644 --- a/src/server/game/Handlers/LootHandler.cpp +++ b/src/server/game/Handlers/LootHandler.cpp @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2013 TrinityCore + * Copyright (C) 2008-2014 TrinityCore * Copyright (C) 2005-2009 MaNGOS * * This program is free software; you can redistribute it and/or modify it -- cgit v1.2.3 From 82181a8622f9a6981f9649b8ea99dd94d2184d11 Mon Sep 17 00:00:00 2001 From: jackpoz Date: Wed, 1 Jan 2014 21:42:15 +0100 Subject: Core/Loot: Fix Master Loot exploit Fix Master Loot exploit allowing any online Player to receive loot. --- src/server/game/Handlers/LootHandler.cpp | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/server/game/Handlers/LootHandler.cpp') diff --git a/src/server/game/Handlers/LootHandler.cpp b/src/server/game/Handlers/LootHandler.cpp index 72b05b2d78c..4fd912298ec 100644 --- a/src/server/game/Handlers/LootHandler.cpp +++ b/src/server/game/Handlers/LootHandler.cpp @@ -419,6 +419,13 @@ void WorldSession::HandleLootMasterGiveOpcode(WorldPacket& recvData) if (_player->GetLootGUID() != lootguid) return; + if (!_player->IsInRaidWith(target) || !_player->IsInMap(target)) + { + TC_LOG_INFO("loot", "MasterLootItem: Player %s tried to give an item to ineligible player %s !", GetPlayer()->GetName().c_str(), target->GetName().c_str()); + return; + } + + Loot* loot = NULL; if (IS_CRE_OR_VEH_GUID(GetPlayer()->GetLootGUID())) -- cgit v1.2.3