fix: harden troop processing race conditions (#98) (#138)

This commit is contained in:
Emerson Freitas
2026-03-17 15:13:14 -03:00
committed by GitHub
parent bf9e48d5cf
commit a7bdac8392
4 changed files with 62 additions and 22 deletions
+8 -3
View File
@@ -276,6 +276,14 @@ class Units {
header( "Location: a2b.php" );
exit;
}else{
if (empty($data['id']) || !$database->claimA2b((int)$data['id'], $post['timestamp_checksum'])) {
$form->addError("error", "This troop send request was already processed. Please try again.");
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: a2b.php");
exit;
}
$u = ($session->tribe == 1) ? "" : $session->tribe - 1;
$database->modifyUnit(
@@ -401,9 +409,6 @@ class Units {
exit;
}
// prevent re-use of the same attack via re-POSTing the same data
$database->remA2b($data['id']);
header("Location: build.php?id=39");
exit;
}