mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-15 17:16:08 +00:00
Fixed an exploit in the market
+Fixed an exploit that permitted to gain an infinite amount of resources
This commit is contained in:
@@ -5264,8 +5264,8 @@ References: User ID/Message ID, Mode
|
||||
Made by: Dzoki
|
||||
***************************/
|
||||
|
||||
function getMarketField($vref, $field, $use_cache = true) {
|
||||
list($vref, $field) = $this->escape_input($vref, $field);
|
||||
function getMarketField($vref, $id, $field, $use_cache = true) {
|
||||
list($vref, $id, $field) = $this->escape_input($vref, $id, $field);
|
||||
|
||||
// first of all, check if we should be using cache and whether the field
|
||||
// required is already cached
|
||||
@@ -5273,7 +5273,7 @@ References: User ID/Message ID, Mode
|
||||
return $cachedValue;
|
||||
}
|
||||
|
||||
$q = "SELECT * FROM " . TB_PREFIX . "market where vref = '$vref' LIMIT 1";
|
||||
$q = "SELECT * FROM " . TB_PREFIX . "market WHERE id = $id AND vref = $vref";
|
||||
$result = mysqli_query($this->dblink,$q);
|
||||
$dbarray = mysqli_fetch_array($result);
|
||||
|
||||
|
||||
@@ -45,8 +45,8 @@ class Market
|
||||
else if(isset($get['t']) && $get['t'] == 2 && isset($get['a']) && $get['a'] == 5 && isset($get['del']))
|
||||
{
|
||||
//GET ALL FIELDS FROM MARKET
|
||||
$type = $database->getMarketField($village->wid, "gtype");
|
||||
$amt = $database->getMarketField($village->wid, "gamt");
|
||||
$type = $database->getMarketField($village->wid, $get['del'], "gtype");
|
||||
$amt = $database->getMarketField($village->wid, $get['del'], "gamt");
|
||||
$database->getResourcesBack($village->wid, $type, $amt);
|
||||
$database->addMarket($village->wid, $get['del'], 0, 0, 0, 0, 0, 0, 1);
|
||||
header("Location: build.php?id=".$get['id']."&t=2");
|
||||
|
||||
Reference in New Issue
Block a user