authorBlockhead <jbis1337@hotmail.com>2020-06-28 23:39:32 +1000
committerGabriel PĂ©rez-Cerezo <gabriel@gpcf.eu>2020-06-29 01:37:35 +0200
commiteb2e5f4cdf2820a5bdf1a4f516bd9dcc8a2f2ce3 (patch)
tree452fadbe68f1b6ab0dcb3df54ddf8aaefe62e34e
parent0b14d8ddb131343a588f27b8c06f1742036d00a7 (diff)
downloadadvtrains-eb2e5f4cdf2820a5bdf1a4f516bd9dcc8a2f2ce3.tar.gz
advtrains-eb2e5f4cdf2820a5bdf1a4f516bd9dcc8a2f2ce3.tar.bz2
advtrains-eb2e5f4cdf2820a5bdf1a4f516bd9dcc8a2f2ce3.zip
Fix access control to wagon properties
Previously, players were able to open the wagon properties of any wagon at all through the wagon properties button on the inventory formspec and through the wagon buttons on the onboard computer. Add a check for ownership before allowing players to open wagon properties.
-rw-r--r--advtrains/wagons.lua4
1 files changed, 2 insertions, 2 deletions
diff --git a/advtrains/wagons.lua b/advtrains/wagons.lua
index c44cd9c..2b0833d 100644
--- a/advtrains/wagons.lua
+++ b/advtrains/wagons.lua
@@ -921,7 +921,7 @@ function wagon:handle_bordcom_fields(pname, formname, fields)
advtrains.safe_decouple_wagon(tpid, pname)
elseif fields["wgprp"..i] then
for _,wagon in pairs(minetest.luaentities) do
- if wagon.is_wagon and wagon.initialized and wagon.id==tpid then
+ if wagon.is_wagon and wagon.initialized and wagon.id==tpid and data.owner==pname then
wagon:show_wagon_properties(pname)
return
end
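Review bot: The added `data.owner==pname` test in the `wgprp` branch may check the wrong wagon. `data` is not defined inside this hunk, and the loop variable `wagon` is matched against `tpid`. If `data` was looked up earlier from the wagon whose onboard computer is open, the test covers that wagon's owner rather than the owner of the wagon whose properties are about to be shown. Looking up the target explicitly would make the check unambiguous and nil-safe: `local tdata = advtrains.wagons[tpid]` followed by `if tdata and tdata.owner==pname then` around the loop. That also keeps the loop-invariant test out of the per-entity condition. The body of `handle_bordcom_fields` starts and ends outside the hunk, so the definition of `data` should be confirmed there. Because formspec fields are submitted by the client, the handler that applies the property changes should repeat the ownership check and not rely on the form never having been shown.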
@@ -1029,7 +1029,7 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
local data = advtrains.wagons[uid]
if fields.prop and data.owner==pname then
for _,wagon in pairs(minetest.luaentities) do
- if wagon.is_wagon and wagon.initialized and wagon.id==uid then
+ if wagon.is_wagon and wagon.initialized and wagon.id==uid and data.owner==pname then
wagon:show_wagon_properties(pname)
--wagon:handle_bordcom_fields(player:get_player_name(), formname, fields)
end
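Review bot: The added `data.owner==pname` on the inner `if` repeats the test already made two lines up in `if fields.prop and data.owner==pname then`, so this hunk does not change behaviour on the inventory-formspec path. The repeated condition can be dropped. What the outer line still lacks is a nil guard: `data` comes from `advtrains.wagons[uid]`, and if `uid` is parsed from the client-supplied `formname` (not visible in this hunk), an unknown id makes `data.owner` raise an error inside the callback. `if fields.prop and data and data.owner==pname then` would reject that case. The callback body continues outside the hunk.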