[11147] Fix a potential exploit with multicast bars - allow place only totem spells in these slots

Signed-off-by: Ambal <pogrebniak@gala.net>
2025-12-13 22:37:03 +00:00 · 2011-02-12 17:02:12 +02:00 · 2011-02-12 17:02:12 +02:00 · 9adb955f2a
commit 9adb955f2a
parent ec123b59a6
4 changed files with 64 additions and 9 deletions
--- a/src/game/Player.cpp
+++ b/src/game/Player.cpp
@ -5988,7 +5988,9 @@ bool Player::IsActionButtonDataValid(uint8 button, uint32 action, uint8 type, Pl
    switch(type)
    {
        case ACTION_BUTTON_SPELL:
-            if(!sSpellStore.LookupEntry(action))
+        {
+            SpellEntry const* spellProto = sSpellStore.LookupEntry(action);
+            if(!spellProto)
            {
                if (msg)
                {
@ -6000,14 +6002,33 @@ bool Player::IsActionButtonDataValid(uint8 button, uint32 action, uint8 type, Pl
                return false;
            }

-            if(player && !player->HasSpell(action))
+            if(player)
            {
-                if (msg)
-                    sLog.outError( "Spell action %u not added into button %u for player %s: player don't known this spell", action, button, player->GetName() );
-                return false;
+                if(!player->HasSpell(spellProto->Id))
+                {
+                    if (msg)
+                        sLog.outError( "Spell action %u not added into button %u for player %s: player don't known this spell", action, button, player->GetName() );
+                    return false;
+                }
+                else if(IsPassiveSpell(spellProto))
+                {
+                    if (msg)
+                        sLog.outError( "Spell action %u not added into button %u for player %s: spell is passive", action, button, player->GetName() );
+                    return false;
+                }
+                // current range for button of totem bar is from ACTION_BUTTON_SHAMAN_TOTEMS_BAR to (but not including) ACTION_BUTTON_SHAMAN_TOTEMS_BAR + 12
+                else if(button >= ACTION_BUTTON_SHAMAN_TOTEMS_BAR && button < (ACTION_BUTTON_SHAMAN_TOTEMS_BAR + 12)
+                    && !(spellProto->AttributesEx7 & SPELL_ATTR_EX7_TOTEM_SPELL))
+                {
+                    if (msg)
+                        sLog.outError( "Spell action %u not added into button %u for player %s: attempt to add non totem spell to totem bar", action, button, player->GetName() );
+                    return false;
+                }
            }
            break;
+        }
        case ACTION_BUTTON_ITEM:
+        {
            if(!ObjectMgr::GetItemPrototype(action))
            {
                if (msg)
@ -6020,6 +6041,7 @@ bool Player::IsActionButtonDataValid(uint8 button, uint32 action, uint8 type, Pl
                return false;
            }
            break;
+        }
        default:
            break;                                          // other cases not checked at this moment
    }