Merge branch 'fix/exploit-fixes' into 'dev'

Exploit fixes See merge request morningstar/Arcturus-Community!413
2024-11-22 23:10:52 +01:00 · 2021-03-07 12:24:56 +00:00 · 2021-03-07 12:24:56 +00:00 · e4a10f5d60
commit e4a10f5d60
parent 4cd0b8bf3f 9f2449ec36
2 changed files with 30 additions and 29 deletions
--- a/src/main/java/com/eu/habbo/messages/incoming/rooms/promotions/BuyRoomPromotionEvent.java
+++ b/src/main/java/com/eu/habbo/messages/incoming/rooms/promotions/BuyRoomPromotionEvent.java
@ -21,7 +21,7 @@ public class BuyRoomPromotionEvent extends MessageHandler {
        int itemId = this.packet.readInt();
        int roomId = this.packet.readInt();
        String title = this.packet.readString();
-        boolean unknown1 = this.packet.readBoolean();
+        boolean extendedPromotion = this.packet.readBoolean();
        String description = this.packet.readString();
        int categoryId = this.packet.readInt();

@ -30,40 +30,41 @@ public class BuyRoomPromotionEvent extends MessageHandler {

        CatalogPage page = Emulator.getGameEnvironment().getCatalogManager().getCatalogPage(pageId);

-        if (page != null) {
-            CatalogItem item = page.getCatalogItem(itemId);
-            if (item != null) {
-                if (this.client.getHabbo().getHabboInfo().canBuy(item)) {
-                    Room room = Emulator.getGameEnvironment().getRoomManager().getRoom(roomId);
+        if (page == null || !page.getLayout().equals("roomads"))
+            return;

-                    if (!(room.isOwner(this.client.getHabbo()) || room.hasRights(this.client.getHabbo()) || room.getGuildRightLevel(this.client.getHabbo()).equals(RoomRightLevels.GUILD_ADMIN))) {
-                        return;
+        CatalogItem item = page.getCatalogItem(itemId);
+        if (item != null) {
+            if (this.client.getHabbo().getHabboInfo().canBuy(item)) {
+                Room room = Emulator.getGameEnvironment().getRoomManager().getRoom(roomId);
+
+                if (!(room.isOwner(this.client.getHabbo()) || room.hasRights(this.client.getHabbo()) || room.getGuildRightLevel(this.client.getHabbo()).equals(RoomRightLevels.GUILD_ADMIN))) {
+                    return;
+                }
+
+                if (room.isPromoted()) {
+                    room.getPromotion().addEndTimestamp(120 * 60);
+                } else {
+                    room.createPromotion(title, description, categoryId);
+                }
+
+                if (room.isPromoted()) {
+                    if (!this.client.getHabbo().hasPermission(Permission.ACC_INFINITE_CREDITS)) {
+                        this.client.getHabbo().giveCredits(-item.getCredits());
                    }

-                    if (room.isPromoted()) {
-                        room.getPromotion().addEndTimestamp(120 * 60);
-                    } else {
-                        room.createPromotion(title, description, categoryId);
+                    if (!this.client.getHabbo().hasPermission(Permission.ACC_INFINITE_POINTS)) {
+                        this.client.getHabbo().givePoints(item.getPointsType(), -item.getPoints());
                    }

-                    if (room.isPromoted()) {
-                        if (!this.client.getHabbo().hasPermission(Permission.ACC_INFINITE_CREDITS)) {
-                            this.client.getHabbo().giveCredits(-item.getCredits());
-                        }
+                    this.client.sendResponse(new PurchaseOKComposer());
+                    room.sendComposer(new RoomPromotionMessageComposer(room, room.getPromotion()).compose());

-                        if (!this.client.getHabbo().hasPermission(Permission.ACC_INFINITE_POINTS)) {
-                            this.client.getHabbo().givePoints(item.getPointsType(), -item.getPoints());
-                        }
-
-                        this.client.sendResponse(new PurchaseOKComposer());
-                        room.sendComposer(new RoomPromotionMessageComposer(room, room.getPromotion()).compose());
-
-                        if (!this.client.getHabbo().getInventory().getBadgesComponent().hasBadge(BuyRoomPromotionEvent.ROOM_PROMOTION_BADGE)) {
-                            this.client.getHabbo().addBadge(BuyRoomPromotionEvent.ROOM_PROMOTION_BADGE);
-                        }
-                    } else {
-                        this.client.sendResponse(new AlertPurchaseFailedComposer(AlertPurchaseFailedComposer.SERVER_ERROR));
+                    if (!this.client.getHabbo().getInventory().getBadgesComponent().hasBadge(BuyRoomPromotionEvent.ROOM_PROMOTION_BADGE)) {
+                        this.client.getHabbo().addBadge(BuyRoomPromotionEvent.ROOM_PROMOTION_BADGE);
                    }
+                } else {
+                    this.client.sendResponse(new AlertPurchaseFailedComposer(AlertPurchaseFailedComposer.SERVER_ERROR));
                }
            }
        }
--- a/src/main/java/com/eu/habbo/messages/incoming/trading/TradeOfferMultipleItemsEvent.java
+++ b/src/main/java/com/eu/habbo/messages/incoming/trading/TradeOfferMultipleItemsEvent.java
@ -21,7 +21,7 @@ public class TradeOfferMultipleItemsEvent extends MessageHandler {
        int count = this.packet.readInt();
        for (int i = 0; i < count; i++) {
            HabboItem item = this.client.getHabbo().getInventory().getItemsComponent().getHabboItem(this.packet.readInt());
-            if (item != null) {
+            if (item != null && item.getBaseItem().allowTrade()) {
                items.add(item);
            }
        }