From: DaveG <da...@us...> - 2006-04-10 17:41:40
|
Update of /cvsroot/planeshift/planeshift/src/server In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21063/src/server Modified Files: adminmanager.cpp Log Message: correct fix for self-deputizing exploit (bah... must've cut something out from /changetype by accident) Index: adminmanager.cpp =================================================================== RCS file: /cvsroot/planeshift/planeshift/src/server/adminmanager.cpp,v retrieving revision 1.324 retrieving revision 1.325 diff -C2 -d -r1.324 -r1.325 *** adminmanager.cpp 10 Apr 2006 17:22:23 -0000 1.324 --- adminmanager.cpp 10 Apr 2006 17:41:36 -0000 1.325 *************** *** 3825,3837 **** } ! if (target == client) { ! // Next test enable everyone to set their security leve, so for now I will limit to only let ! // a player deputize another client. ! psserver->SendSystemError(me->clientnum,"You can't deputize yourself"); return; } ! ! if (target != client && value > maxleveltoset) { psserver->SendSystemError(me->clientnum,"Max access level you may set is %d", maxleveltoset); --- 3825,3834 ---- } ! if ( target == client && value > GetTrueSecurityLevel(target->GetAccountID()) ) { ! psserver->SendSystemError(me->clientnum,"You cannot upgrade your own level!"); return; } ! else if ( target != client && value > maxleveltoset ) { psserver->SendSystemError(me->clientnum,"Max access level you may set is %d", maxleveltoset); |