From e77c6fc98b705ecf3aed873d1f29b7434f2f48ca Mon Sep 17 00:00:00 2001
From: jackpoz <giacomopoz@gmail.com>
Date: Sat, 28 Jun 2014 18:23:10 +0200
Subject: Core/Mails: Fix exploit that allowed to take COD items without paying

---
 src/server/game/Handlers/MailHandler.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src')

diff --git a/src/server/game/Handlers/MailHandler.cpp b/src/server/game/Handlers/MailHandler.cpp
index ba363ced39c..8ce2100acc7 100644
--- a/src/server/game/Handlers/MailHandler.cpp
+++ b/src/server/game/Handlers/MailHandler.cpp
@@ -469,6 +469,13 @@ void WorldSession::HandleMailTakeItem(WorldPacket& recvData)
         return;
     }
 
+    // verify that the mail has the item to avoid cheaters taking COD items without paying
+    if (std::find_if(m->items.begin(), m->items.end(), [itemId](MailItemInfo info){ return info.item_guid == itemId; }) == m->items.end())
+    {
+        player->SendMailResult(mailId, MAIL_ITEM_TAKEN, MAIL_ERR_INTERNAL_ERROR);
+        return;
+    }
+
     // prevent cheating with skip client money check
     if (!player->HasEnoughMoney(m->COD))
     {
-- 
cgit v1.2.3