From 77e936445f4e520e5301de03f11698083d9184a9 Mon Sep 17 00:00:00 2001 From: SmallJoker Date: Sun, 7 Mar 2021 11:35:53 +0100 Subject: Protect dropping from far node inventories Also changes if/if to switch/case --- src/network/serverpackethandler.cpp | 47 ++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 24 deletions(-) (limited to 'src') diff --git a/src/network/serverpackethandler.cpp b/src/network/serverpackethandler.cpp index f1ed42302..b863e1828 100644 --- a/src/network/serverpackethandler.cpp +++ b/src/network/serverpackethandler.cpp @@ -628,23 +628,34 @@ void Server::handleCommand_InventoryAction(NetworkPacket* pkt) auto check_inv_access = [player, player_has_interact, this] ( const InventoryLocation &loc) -> bool { - if (loc.type == InventoryLocation::CURRENT_PLAYER) - return false; // Only used internally on the client, never sent - if (loc.type == InventoryLocation::PLAYER) { - // Allow access to own inventory in all cases - return loc.name == player->getName(); - } - if (loc.type == InventoryLocation::DETACHED) { - if (!getInventoryMgr()->checkDetachedInventoryAccess(loc, player->getName())) - return false; - } - if (!player_has_interact) { + // Players without interact may modify their own inventory + if (!player_has_interact && loc.type != InventoryLocation::PLAYER) { infostream << "Cannot modify foreign inventory: " << "No interact privilege" << std::endl; return false; } - return true; + + switch (loc.type) { + case InventoryLocation::CURRENT_PLAYER: + // Only used internally on the client, never sent + return false; + case InventoryLocation::PLAYER: + // Allow access to own inventory in all cases + return loc.name == player->getName(); + case InventoryLocation::NODEMETA: + { + // Check for out-of-range interaction + v3f node_pos = intToFloat(loc.p, BS); + v3f player_pos = player->getPlayerSAO()->getEyePosition(); + f32 d = player_pos.getDistanceFrom(node_pos); + return checkInteractDistance(player, d, "inventory"); + } + case InventoryLocation::DETACHED: + return getInventoryMgr()->checkDetachedInventoryAccess(loc, player->getName()); + default: + return false; + } }; /* @@ -664,18 +675,6 @@ void Server::handleCommand_InventoryAction(NetworkPacket* pkt) !check_inv_access(ma->to_inv)) return; - InventoryLocation *remote = ma->from_inv.type == InventoryLocation::PLAYER ? - &ma->to_inv : &ma->from_inv; - - // Check for out-of-range interaction - if (remote->type == InventoryLocation::NODEMETA) { - v3f node_pos = intToFloat(remote->p, BS); - v3f player_pos = player->getPlayerSAO()->getEyePosition(); - f32 d = player_pos.getDistanceFrom(node_pos); - if (!checkInteractDistance(player, d, "inventory")) - return; - } - /* Disable moving items out of craftpreview */ -- cgit v1.2.3