Fixed exploit to generate money or items

When 'auto-calculate-item-amount' was set to true and the player was
sneaking, he could buy something even though the shop didn't have a
whole stack in stock, but still get the items, or he could sell
something even though he didn't have a stack in his inventory, but
still get the money for it.

Closes #93
This commit is contained in:
Eric 2017-04-10 17:46:00 +02:00
parent d7985c615d
commit ed4a14dfa5

View File

@ -313,7 +313,9 @@ public class ShopInteractListener implements Listener {
} else { } else {
if (externalPluginsAllowed || p.hasPermission(Permissions.BYPASS_EXTERNAL_PLUGIN)) { if (externalPluginsAllowed || p.hasPermission(Permissions.BYPASS_EXTERNAL_PLUGIN)) {
Chest c = (Chest) b.getState(); Chest c = (Chest) b.getState();
if (Utils.getAmount(c.getInventory(), shop.getProduct()) >= shop.getProduct().getAmount()) { int amount = (p.isSneaking() ? shop.getProduct().getMaxStackSize() : shop.getProduct().getAmount());
if (Utils.getAmount(c.getInventory(), shop.getProduct()) >= amount) {
buy(p, shop, p.isSneaking()); buy(p, shop, p.isSneaking());
} else { } else {
if (config.auto_calculate_item_amount && Utils.getAmount(c.getInventory(), shop.getProduct()) > 0) { if (config.auto_calculate_item_amount && Utils.getAmount(c.getInventory(), shop.getProduct()) > 0) {
@ -372,11 +374,14 @@ public class ShopInteractListener implements Listener {
} }
if (externalPluginsAllowed || p.hasPermission(Permissions.BYPASS_EXTERNAL_PLUGIN)) { if (externalPluginsAllowed || p.hasPermission(Permissions.BYPASS_EXTERNAL_PLUGIN)) {
if (Utils.getAmount(p.getInventory(), shop.getProduct()) >= shop.getProduct().getAmount()) { boolean stack = p.isSneaking() && !Utils.hasAxeInHand(p);
sell(p, shop, p.isSneaking() && !Utils.hasAxeInHand(p)); int amount = stack ? shop.getProduct().getMaxStackSize() : shop.getProduct().getAmount();
if (Utils.getAmount(p.getInventory(), shop.getProduct()) >= amount) {
sell(p, shop, stack);
} else { } else {
if (config.auto_calculate_item_amount && Utils.getAmount(p.getInventory(), shop.getProduct()) > 0) { if (config.auto_calculate_item_amount && Utils.getAmount(p.getInventory(), shop.getProduct()) > 0) {
sell(p, shop, p.isSneaking() && !Utils.hasAxeInHand(p)); sell(p, shop, stack);
} else { } else {
p.sendMessage(LanguageUtils.getMessage(LocalizedMessage.Message.NOT_ENOUGH_ITEMS)); p.sendMessage(LanguageUtils.getMessage(LocalizedMessage.Message.NOT_ENOUGH_ITEMS));
plugin.debug(p.getName() + " doesn't have enough items"); plugin.debug(p.getName() + " doesn't have enough items");