From c87de730fae0914a5d0741365066007a46f9a469 Mon Sep 17 00:00:00 2001
From: Nayd <dnpd.dd@gmail.com>
Date: Sat, 31 Jan 2015 20:12:57 +0000
Subject: Core/Quests: Fixed WPE exploit that allowed to accept any quest

(cherry picked from commit 6b10271891d2cbafbad1446051fcf3866ea728e3)
---
 src/server/game/Handlers/QuestHandler.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src')

diff --git a/src/server/game/Handlers/QuestHandler.cpp b/src/server/game/Handlers/QuestHandler.cpp
index d6d7e3b9876..b6157d6eb94 100644
--- a/src/server/game/Handlers/QuestHandler.cpp
+++ b/src/server/game/Handlers/QuestHandler.cpp
@@ -458,6 +458,12 @@ void WorldSession::HandleQuestConfirmAccept(WorldPacket& recvData)
         if (!_player->IsInSameRaidWith(originalPlayer))
             return;
 
+        if (!originalPlayer->CanShareQuest(questId))
+            return;
+
+        if (!_player->CanTakeQuest(quest, true))
+            return;
+
         if (_player->CanAddQuest(quest, true))
             _player->AddQuestAndCheckCompletion(quest, NULL); // NULL, this prevent DB script from duplicate running
 
-- 
cgit v1.2.3