Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Group related things #11584

Merged
merged 3 commits into from

5 participants

@Dehravor

916d84b: If lootMethod or lootThreshold is invalid, portrait menus become unusable to the entire raid. I don't know whether it is useful for other exploits (invalid loot method server-side?) (http://www.wowwiki.com/MACRO_threshold)

2e897d0: The master looter can be anyone, he/she doesn't have to be in the group.

08cd624: Patch 3.3.0 (08-Dec-2009): Any party member may mark targets (this does not apply to raid groups). (Previously only party leaders could mark.) The option is available client-side but unusable atm. Hostile players shouldn't be targeted this way.

Dehravor added some commits
@Dehravor Dehravor Core/Group: Add sanity checks to CMSG_LOOT_METHOD's handler
If lootMethod or lootThreshold is invalid, portrait menus become unusable to the entire raid.
916d84b
@Dehravor Dehravor Core/Group: Fix exploit
The master looter should be in the group.
2e897d0
@Dehravor Dehravor Core/Group: Any party member may mark targets (this does not apply to…
… raid groups)

Also ensure that the targeted player is not hostile.
08cd624
@Aokromes
Owner

Another Master Loot exploit, is that only Master Looter can see the loot from corpse and tell people loot failed.

@Sentence

I think that everybody see the loot, not only the ML, but cannot loot them.

@jackpoz
Collaborator

@Dehravor : did you test already all changes so that I can safely merge your pull request ? :)

@Shauren
Owner

Hostile players shouldn't be targeted this way.

^ is that really a thing?

@Dehravor

@jackpoz : yes; it fixes the problems mentioned above and I didn't notice anything that became broken.
@Shauren : client checks it, you may try to mark an enemy player with the following: /script SetRaidTarget("target", 1)

@Shauren
Owner

You are right about hostile check, client indeed does it

@jackpoz jackpoz merged commit 1aada1f into TrinityCore:master
@Dehravor Dehravor deleted the unknown repository branch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 9, 2014
  1. @Dehravor

    Core/Group: Add sanity checks to CMSG_LOOT_METHOD's handler

    Dehravor authored
    If lootMethod or lootThreshold is invalid, portrait menus become unusable to the entire raid.
  2. @Dehravor

    Core/Group: Fix exploit

    Dehravor authored
    The master looter should be in the group.
  3. @Dehravor

    Core/Group: Any party member may mark targets (this does not apply to…

    Dehravor authored
    … raid groups)
    
    Also ensure that the targeted player is not hostile.
This page is out of date. Refresh to see the latest.
Showing with 19 additions and 1 deletion.
  1. +19 −1 src/server/game/Handlers/GroupHandler.cpp
View
20 src/server/game/Handlers/GroupHandler.cpp
@@ -425,6 +425,15 @@ void WorldSession::HandleLootMethodOpcode(WorldPacket& recvData)
/** error handling **/
if (!group->IsLeader(GetPlayer()->GetGUID()))
return;
+
+ if (lootMethod > NEED_BEFORE_GREED)
+ return;
+
+ if (lootThreshold < ITEM_QUALITY_UNCOMMON || lootThreshold > ITEM_QUALITY_ARTIFACT)
+ return;
+
+ if (lootMethod == MASTER_LOOT && !group->IsMember(lootMaster))
+ return;
/********************/
// everything's fine, do it
@@ -534,11 +543,20 @@ void WorldSession::HandleRaidTargetUpdateOpcode(WorldPacket& recvData)
}
else // target icon update
{
- if (!group->IsLeader(GetPlayer()->GetGUID()) && !group->IsAssistant(GetPlayer()->GetGUID()))
+ if (group->isRaidGroup() && !group->IsLeader(GetPlayer()->GetGUID()) && !group->IsAssistant(GetPlayer()->GetGUID()))
return;
uint64 guid;
recvData >> guid;
+
+ if (IS_PLAYER_GUID(guid))
+ {
+ Player* target = ObjectAccessor::FindPlayer(guid);
+
+ if (!target || target->IsHostileTo(GetPlayer()))
+ return;
+ }
+
group->SetTargetIcon(x, _player->GetGUID(), guid);
}
}
Something went wrong with that request. Please try again.