Core: Add security to C++ scripted options. #11567

Closed
wants to merge 2 commits into
from

6 participants

@Rochet2
Contributor
Rochet2 commented Feb 4, 2014

This change makes sure that the option details in OnGossipSelect hook are from an option sent by the creature you are at.

Before this only the database coded gossips have had this check as they work with menu_ids and check the menu_id and existence of the option clicked in the menu. (makes sure you clicked an existing option in the menu sent)
For C++ sent options the menu_id is 0 or similar. Thus it cant be used.

Without this it is possible to "click" an option with hacks that doesn't exist in the menu originally sent to the player in C++ coded menus. (selections)

@ghost
ghost commented Feb 4, 2014

👍

@Lillecarl

coolio

@Subv
Contributor
Subv commented Feb 5, 2014

I like the concept, but I don't have the time to check the implementation right now, @DDuarte what do you think about this?

@jackpoz
Member
jackpoz commented Feb 16, 2014

please initialize _senderGUID in the constructor.

@Shauren
Member
Shauren commented Mar 12, 2014

Note to self so I don't forget when I get home - set _senderGUID to 0 in SendCloseGossip and merge

@Shauren Shauren added a commit that closed this pull request Mar 13, 2014
@Rochet2 @Shauren Rochet2 + Shauren Core/Gossip: Add security to C++ scripted gossip options by checking …
…guid of the object that the player is interecting with. Idea by @LilleCarl

Closes #11567
6c64fa8
@Shauren Shauren closed this in 6c64fa8 Mar 13, 2014
@Rochet2 Rochet2 deleted the Rochet2:GossipChecks branch Mar 13, 2014
@Shauren Shauren added a commit to raczman/TrinityCore that referenced this pull request Apr 20, 2014
@Rochet2 @Shauren Rochet2 + Shauren Core/Gossip: Add security to C++ scripted gossip options by checking …
…guid of the object that the player is interecting with. Idea by @LilleCarl

Closes #11567
c41a4c0
@Rochet2
Contributor
Rochet2 commented Sep 7, 2014

crash fix for later reference:
61c9891

@lfxgroove lfxgroove added a commit to lfxgroove/server that referenced this pull request Sep 11, 2014
@lfxgroove lfxgroove Backport of TrinityCore/TrinityCore#11567 ecb1bf0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment