From 3693b6871eba268ecc79b3f52d00d3cefe761131 Mon Sep 17 00:00:00 2001 From: Lars Müller <34514239+appgurueu@users.noreply.github.com> Date: Sat, 29 Aug 2020 17:41:03 +0200 Subject: Prevent players accessing inventories of other players (#10341) --- src/network/serverpackethandler.cpp | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'src/network') diff --git a/src/network/serverpackethandler.cpp b/src/network/serverpackethandler.cpp index dcbb114bf..abd9deff0 100644 --- a/src/network/serverpackethandler.cpp +++ b/src/network/serverpackethandler.cpp @@ -630,13 +630,19 @@ void Server::handleCommand_InventoryAction(NetworkPacket* pkt) if (ma->from_inv != ma->to_inv) m_inventory_mgr->setInventoryModified(ma->to_inv); - bool from_inv_is_current_player = - (ma->from_inv.type == InventoryLocation::PLAYER) && - (ma->from_inv.name == player->getName()); - - bool to_inv_is_current_player = - (ma->to_inv.type == InventoryLocation::PLAYER) && - (ma->to_inv.name == player->getName()); + bool from_inv_is_current_player = false; + if (ma->from_inv.type == InventoryLocation::PLAYER) { + if (ma->from_inv.name != player->getName()) + return; + from_inv_is_current_player = true; + } + + bool to_inv_is_current_player = false; + if (ma->to_inv.type == InventoryLocation::PLAYER) { + if (ma->to_inv.name != player->getName()) + return; + to_inv_is_current_player = true; + } InventoryLocation *remote = from_inv_is_current_player ? &ma->to_inv : &ma->from_inv; -- cgit v1.2.3