mirror of https://github.com/luanti-org/luanti.git synced 2025-10-18 10:45:27 +02:00

Protect per-player detached inventory actions

SmallJoker
2021-03-07 10:04:07 +01:00
committed by SmallJoker
parent d9b78d6492
commit fc864029b9
3 changed files with 18 additions and 1 deletions


@@ -626,7 +626,7 @@ void Server::handleCommand_InventoryAction(NetworkPacket* pkt)
const bool player_has_interact = checkPriv(player->getName(), "interact");
auto check_inv_access = [player, player_has_interact] (
auto check_inv_access = [player, player_has_interact, this] (
const InventoryLocation &loc) -> bool {
if (loc.type == InventoryLocation::CURRENT_PLAYER)
return false; // Only used internally on the client, never sent
@@ -634,6 +634,10 @@ void Server::handleCommand_InventoryAction(NetworkPacket* pkt)
// Allow access to own inventory in all cases
return loc.name == player->getName();
}
if (loc.type == InventoryLocation::DETACHED) {
if (!getInventoryMgr()->checkDetachedInventoryAccess(loc, player->getName()))
return false;
}
if (!player_has_interact) {
infostream << "Cannot modify foreign inventory: "
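Review bot: The new `InventoryLocation::DETACHED` branch in `check_inv_access` returns false without logging anything, while the interact-privilege branch directly below it reports the refusal on `infostream`. A rejected action on a detached inventory comes from a client-supplied location, so a server operator would want to see it; consider adding `infostream << "Cannot modify detached inventory: access denied for player " << player->getName() << std::endl;` before the `return false;`. A short comment above the branch would also help, for example `// Detached inventories may be restricted to one player; enforce that server-side before the interact check`, worded to match whatever `checkDetachedInventoryAccess` actually enforces, since its body is not shown here. The lambda and the rest of `handleCommand_InventoryAction` continue outside this hunk, so where the denial is handled further down cannot be confirmed from here.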