Fix shuttle HREF exploit

This commit is contained in:
monster860
2016-05-15 10:17:26 -04:00
parent d2ed3f3e35
commit b1bef10909
+6
View File
@@ -683,7 +683,13 @@
to_chat(usr, "<span class='danger'>Access denied.</span>")
return
var/list/options = params2list(possible_destinations)
if(href_list["move"])
if(!options.Find(href_list["move"])) //I see you're trying Href exploits, I see you're failing, I SEE ADMIN WARNING.
// Seriously, though, NEVER trust a Topic with something like this. Ever.
message_admins("move HREF ([src] attempted to move to: [href_list["move"]]) exploit attempted by [key_name_admin(usr)] on [src] (<A HREF='?_src_=holder;adminplayerobservecoodjump=1;X=[x];Y=[y];Z=[z]'>JMP</a>)")
to_chat(usr, "<span class='userdanger'>Expect a ban. Soon.</span>")
return
switch(shuttle_master.moveShuttle(shuttleId, href_list["move"], 1))
if(0)
to_chat(usr, "<span class='notice'>Shuttle received message and will be sent shortly.</span>")