From ed4a14dfa59df3700ba605c21663991843d50c76 Mon Sep 17 00:00:00 2001 From: Eric Date: Mon, 10 Apr 2017 17:46:00 +0200 Subject: [PATCH] Fixed exploit to generate money or items When 'auto-calculate-item-amount' was set to true and the player was sneaking, he could buy something even though the shop didn't have a whole stack in stock, but still get the items, or he could sell something even though he didn't have a stack in his inventory, but still get the money for it. Closes #93 --- .../shopchest/listeners/ShopInteractListener.java | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/main/java/de/epiceric/shopchest/listeners/ShopInteractListener.java b/src/main/java/de/epiceric/shopchest/listeners/ShopInteractListener.java index 0717ac6..06144e9 100644 --- a/src/main/java/de/epiceric/shopchest/listeners/ShopInteractListener.java +++ b/src/main/java/de/epiceric/shopchest/listeners/ShopInteractListener.java @@ -313,7 +313,9 @@ public class ShopInteractListener implements Listener { } else { if (externalPluginsAllowed || p.hasPermission(Permissions.BYPASS_EXTERNAL_PLUGIN)) { Chest c = (Chest) b.getState(); - if (Utils.getAmount(c.getInventory(), shop.getProduct()) >= shop.getProduct().getAmount()) { + int amount = (p.isSneaking() ? shop.getProduct().getMaxStackSize() : shop.getProduct().getAmount()); + + if (Utils.getAmount(c.getInventory(), shop.getProduct()) >= amount) { buy(p, shop, p.isSneaking()); } else { if (config.auto_calculate_item_amount && Utils.getAmount(c.getInventory(), shop.getProduct()) > 0) { @@ -372,11 +374,14 @@ public class ShopInteractListener implements Listener { } if (externalPluginsAllowed || p.hasPermission(Permissions.BYPASS_EXTERNAL_PLUGIN)) { - if (Utils.getAmount(p.getInventory(), shop.getProduct()) >= shop.getProduct().getAmount()) { - sell(p, shop, p.isSneaking() && !Utils.hasAxeInHand(p)); + boolean stack = p.isSneaking() && !Utils.hasAxeInHand(p); + int amount = stack ? shop.getProduct().getMaxStackSize() : shop.getProduct().getAmount(); + + if (Utils.getAmount(p.getInventory(), shop.getProduct()) >= amount) { + sell(p, shop, stack); } else { if (config.auto_calculate_item_amount && Utils.getAmount(p.getInventory(), shop.getProduct()) > 0) { - sell(p, shop, p.isSneaking() && !Utils.hasAxeInHand(p)); + sell(p, shop, stack); } else { p.sendMessage(LanguageUtils.getMessage(LocalizedMessage.Message.NOT_ENOUGH_ITEMS)); plugin.debug(p.getName() + " doesn't have enough items");