nchebrov/azerothcore-wotlk
1
0
Fork 0
mirror of https://github.com/mod-playerbots/azerothcore-wotlk.git synced 2026-01-24 14:16:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(Core/Commands): Item duplication exploit (#9650)

Browse Source
This commit is contained in:
Noxies
2021-12-11 17:21:07 +01:00
committed by GitHub
parent 41e19b8bb5
commit 5ec50ac119
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/server/database/Database/Implementation/CharacterDatabase.cpp
View File

@@ -593,7 +593,7 @@ void CharacterDatabaseConnection::DoPrepareStatements()
// Recovery Item
PrepareStatement(CHAR_INS_RECOVERY_ITEM, "INSERT INTO recovery_item (Guid, ItemEntry, Count) VALUES (?, ?, ?)", CONNECTION_SYNCH);
PrepareStatement(CHAR_SEL_RECOVERY_ITEM, "SELECT id, itemEntry, Count FROM recovery_item WHERE id = ?", CONNECTION_SYNCH);
PrepareStatement(CHAR_SEL_RECOVERY_ITEM, "SELECT id, itemEntry, Count, Guid FROM recovery_item WHERE id = ?", CONNECTION_SYNCH);
PrepareStatement(CHAR_SEL_RECOVERY_ITEM_LIST, "SELECT id, itemEntry, Count FROM recovery_item WHERE Guid = ? ORDER BY id DESC", CONNECTION_SYNCH);
PrepareStatement(CHAR_DEL_RECOVERY_ITEM, "DELETE FROM recovery_item WHERE Guid = ? AND ItemEntry = ? AND Count = ? ORDER BY Id DESC LIMIT 1", CONNECTION_ASYNC);
PrepareStatement(CHAR_DEL_RECOVERY_ITEM_BY_RECOVERY_ID, "DELETE FROM recovery_item WHERE id = ?", CONNECTION_ASYNC);

2
src/server/scripts/Commands/cs_item.cpp
View File

@@ -75,7 +75,7 @@ public:
stmt->setUInt32(0, restoreId);
PreparedQueryResult fields = CharacterDatabase.Query(stmt);
if (!fields || !(*fields)[1].GetUInt32())
if (!fields || !(*fields)[1].GetUInt32() || (*fields)[3].GetUInt32() != player.GetGUID().GetCounter())
{
handler->SendSysMessage(LANG_ITEM_RESTORE_MISSING);
handler->SetSentErrorMessage(true);