aboutsummaryrefslogtreecommitdiff
path: root/src/network
diff options
context:
space:
mode:
authorSmallJoker <mk939@ymail.com>2021-03-07 10:04:07 +0100
committersfan5 <sfan5@live.de>2021-04-05 16:01:15 +0200
commit41beb74ef7eab2a2c634cd2c23671807443788aa (patch)
tree4b7c6135a8090cae422a8ccb53c864a5af7566ec /src/network
parent67be50b706b0d1364b42ff1fd3d461d0794cd268 (diff)
downloadminetest-41beb74ef7eab2a2c634cd2c23671807443788aa.tar.gz
minetest-41beb74ef7eab2a2c634cd2c23671807443788aa.tar.bz2
minetest-41beb74ef7eab2a2c634cd2c23671807443788aa.zip
Protect per-player detached inventory actions
Diffstat (limited to 'src/network')
-rw-r--r--src/network/serverpackethandler.cpp6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/network/serverpackethandler.cpp b/src/network/serverpackethandler.cpp
index ddc6f4e47..f1ed42302 100644
--- a/src/network/serverpackethandler.cpp
+++ b/src/network/serverpackethandler.cpp
@@ -626,7 +626,7 @@ void Server::handleCommand_InventoryAction(NetworkPacket* pkt)
const bool player_has_interact = checkPriv(player->getName(), "interact");
- auto check_inv_access = [player, player_has_interact] (
+ auto check_inv_access = [player, player_has_interact, this] (
const InventoryLocation &loc) -> bool {
if (loc.type == InventoryLocation::CURRENT_PLAYER)
return false; // Only used internally on the client, never sent
@@ -634,6 +634,10 @@ void Server::handleCommand_InventoryAction(NetworkPacket* pkt)
// Allow access to own inventory in all cases
return loc.name == player->getName();
}
+ if (loc.type == InventoryLocation::DETACHED) {
+ if (!getInventoryMgr()->checkDetachedInventoryAccess(loc, player->getName()))
+ return false;
+ }
if (!player_has_interact) {
infostream << "Cannot modify foreign inventory: "