Merge pull request #6707 from Citadel-Station-13/upstream-merge-37782

[MIRROR] [s] Fixes an admin unprotected var read/write exploit
This commit is contained in:
LetterJay
2018-05-12 17:04:39 -05:00
committed by GitHub
+8 -6
View File
@@ -81,12 +81,14 @@
/obj/item/clothing/equipped(mob/user, slot)
..()
if (!istype(user))
return
if(slot_flags & slotdefine2slotbit(slot)) //Was equipped to a valid slot for this item?
for(var/variable in user_vars_to_edit)
if(variable in user.vars)
user_vars_remembered[variable] = user.vars[variable]
user.vars[variable] = user_vars_to_edit[variable]
if (LAZYLEN(user_vars_to_edit))
for(var/variable in user_vars_to_edit)
if(variable in user.vars)
LAZYSET(user_vars_remembered, variable, user.vars[variable])
user.vv_edit_var(variable, user_vars_to_edit[variable])
/obj/item/clothing/examine(mob/user)
..()
@@ -285,4 +287,4 @@ BLIND // can't see anything
Shreds.desc = "The sad remains of what used to be [name]."
deconstruct(FALSE)
else
..()
..()