oss/luanti
oss/luanti
1
0
Fork 0
mirror of https://github.com/luanti-org/luanti.git synced 2025-07-02 16:38:41 +00:00
Code Wiki Activity

Protect per-player detached inventory actions

Browse source
This commit is contained in:
SmallJoker 2021-03-07 10:04:07 +01:00 committed by SmallJoker
parent d9b78d6492
commit fc864029b9
3 changed files with 18 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/network/serverpackethandler.cpp
View file

@ -626,7 +626,7 @@ void Server::handleCommand_InventoryAction(NetworkPacket* pkt)
const bool player_has_interact = checkPriv(player->getName(), "interact");
auto check_inv_access = [player, player_has_interact] (
auto check_inv_access = [player, player_has_interact, this] (
const InventoryLocation &loc) -> bool {
if (loc.type == InventoryLocation::CURRENT_PLAYER)
return false; // Only used internally on the client, never sent
@ -634,6 +634,10 @@ void Server::handleCommand_InventoryAction(NetworkPacket* pkt)
// Allow access to own inventory in all cases
return loc.name == player->getName();
}
if (loc.type == InventoryLocation::DETACHED) {
if (!getInventoryMgr()->checkDetachedInventoryAccess(loc, player->getName()))
return false;
}
if (!player_has_interact) {
infostream << "Cannot modify foreign inventory: "