From 9ef916153790789edb65de7c0a55a020c1e1aebf Mon Sep 17 00:00:00 2001
From: CitadelStationBot <CitadelStationBot>
Date: Sat, 29 Apr 2017 16:59:08 -0500
Subject: [PATCH] [s] Patches SDQL exploits that can return world reference

---
 code/modules/admin/verbs/SDQL2/SDQL_2.dm | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/code/modules/admin/verbs/SDQL2/SDQL_2.dm b/code/modules/admin/verbs/SDQL2/SDQL_2.dm
index bda6354f93..59da67a990 100644
--- a/code/modules/admin/verbs/SDQL2/SDQL_2.dm
+++ b/code/modules/admin/verbs/SDQL2/SDQL_2.dm
@@ -251,6 +251,11 @@
 
 /proc/SDQL_from_objs(list/tree)
 	if("world" in tree)
+		if(IsAdminAdvancedProcCall())
+			var/msg = "WARNING: Attempt to retrieve world reference made by [usr]!"
+			log_admin(msg)
+			message_admins(msg)
+			return
 		return world
 	return SDQL_expression(world, tree)
 
@@ -451,6 +456,11 @@
 				else
 					return null
 			if("world")
+				if(IsAdminAdvancedProcCall())
+					var/msg = "WARNING: Attempt to retrieve world reference made by [usr]!"
+					log_admin(msg)
+					message_admins(msg)
+					return
 				v = world
 			if("global")
 				v = GLOB