Bubberstation/code/modules/modular_computers/file_system/programs/nt_pay.dm
SkyratBot 9f06f26ee5 [MIRROR] Fixes negative payment in NTpay & Encodes name param sent to admins in fax [MDB IGNORE] (#17729)
* Fixes negative payment in NTpay & Encodes name param sent to admins in fax (#71491)

## About The Pull Request
NTpay wasn't validating negative input server-side, allowing negative
payments to users (negative minus negative is positive, so it adds money to the
sender's account). Also encodes a parameter that was sent unsanitized to
admins.
## Why It's Good For The Game
## Changelog
🆑
fix: Fixes a NTPay exploit.
/🆑

* Fixes negative payment in NTpay & Encodes name param sent to admins in fax

Co-authored-by: CocaColaTastesGood <47264839+CocaColaTastesGood@users.noreply.github.com>
2022-11-24 22:13:16 +00:00


/// Modular computer program for sending credits to another bank account by pay token,
/// and for looking up a pay token by account holder name.
/datum/computer_file/program/nt_pay
	filename = "ntpay"
	filedesc = "Nanotrasen Pay System"
	category = PROGRAM_CATEGORY_MISC
	program_icon_state = "generic"
	extended_desc = "An application that locally (in your sector) helps to transfer money or track your expenses and profits."
	size = 2
	tgui_id = "NtosPay"
	program_icon = "money-bill-wave"
	usage_flags = PROGRAM_ALL

	/// Bank account the program currently acts for; assigned in ui_data() and may be null.
	var/datum/bank_account/current_user
	/// Pay token of the transfer recipient. Set from client-supplied UI params in ui_act().
	var/token
	/// Number of credits to transfer. Set from client-supplied UI params in ui_act(), so it must be validated there.
	var/money_to_send = 0
	/// Result text of the last pay token lookup, shown back to the user through ui_data().
	var/wanted_token
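/**
 * Handles actions sent by the NtosPay interface.
 *
 * Everything in `params` is supplied by the client, so each value is validated here
 * instead of trusting whatever limits the interface applies.
 *
 * Arguments:
 * * action - Name of the UI action; "Transaction" and "GetPayToken" are handled here.
 * * params - Client-supplied values: "token" and "amount" for a transfer, "wanted_name" for a lookup.
 * * ui - The tgui datum the action came from.
 */
/datum/computer_file/program/nt_pay/ui_act(action, list/params, datum/tgui/ui)
	. = ..()
	if(.)
		return

	switch(action)
		if("Transaction")
			// current_user is only assigned in ui_data() and is null when no account was found there;
			// stop here rather than dereferencing null further down.
			// NOTE(review): this is the account cached by the last ui_data() call. If the ID can be
			// removed between that call and this action, the transfer would still use the cached
			// account - confirm, and consider re-resolving it from the computer's ID slot here.
			if(!current_user)
				return

			token = params["token"]

			// The amount is client-controlled: accept only a number or numeric text, and drop any
			// fractional part so that only whole credits are ever moved. Anything else becomes 0
			// and is rejected by the "how much" check below.
			var/amount = params["amount"]
			if(istext(amount))
				amount = text2num(amount)
			money_to_send = isnum(amount) ? round(amount) : 0

			var/datum/bank_account/recipient
			if(!token)
				return to_chat(usr, span_notice("You need to enter your transfer target's pay token."))
			if(!money_to_send)
				return to_chat(usr, span_notice("You need to specify how much you're sending."))
			if(token == current_user.pay_token)
				return to_chat(usr, span_notice("You can't send credits to yourself."))

			// Find the account whose pay token matches the one entered.
			for(var/account as anything in SSeconomy.bank_accounts_by_id)
				var/datum/bank_account/acc = SSeconomy.bank_accounts_by_id[account]
				if(acc.pay_token == token)
					recipient = acc
					break

			if(!recipient)
				return to_chat(usr, span_notice("The app can't find who you're trying to pay. Did you enter the pay token right?"))

			// Server-side guard against zero and negative amounts; it is checked first so that such
			// a value never reaches has_money() or transfer_money().
			if(money_to_send < 1 || !current_user.has_money(money_to_send))
				return current_user.bank_card_talk("You cannot afford it.")

			recipient.bank_card_talk("You received [money_to_send] credit(s). Reason: transfer from [current_user.account_holder]")
			recipient.transfer_money(current_user, money_to_send)
			current_user.bank_card_talk("You send [money_to_send] credit(s) to [recipient.account_holder]. Now you have [current_user.account_balance] credit(s)")

		if("GetPayToken")
			wanted_token = null
			// Exact match on the account holder name supplied by the client.
			for(var/account in SSeconomy.bank_accounts_by_id)
				var/datum/bank_account/acc = SSeconomy.bank_accounts_by_id[account]
				if(acc.account_holder == params["wanted_name"])
					wanted_token = "Token: [acc.pay_token]"
					break
			if(!wanted_token)
				// NOTE(review): the client-supplied name is echoed into wanted_token as-is;
				// confirm the interface renders it as plain text rather than markup.
				return wanted_token = "Account \"[params["wanted_name"]]\" not found."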
/**
 * Builds the data list handed to the NtosPay interface.
 *
 * Also reassigns `current_user` from the account registered on `computer.computer_id_slot`,
 * which leaves it null when there is no slot occupant or no registered account.
 *
 * Arguments:
 * * user - The mob viewing the interface (not read here).
 */
/datum/computer_file/program/nt_pay/ui_data(mob/user)
	var/list/data = get_header_data()

	current_user = computer.computer_id_slot?.registered_account || null
	if(current_user)
		// Account details are only sent while an account is bound.
		data["name"] = current_user.account_holder
		data["owner_token"] = current_user.pay_token
		data["money"] = current_user.account_balance
		data["wanted_token"] = wanted_token
		data["transaction_list"] = current_user.transaction_history
	else
		data["name"] = null

	return data