void Server::handleCommand_InventoryFields(NetworkPacket* pkt)
{
- std::string formname;
+ std::string client_formspec_name;
u16 num;
- *pkt >> formname >> num;
+ *pkt >> client_formspec_name >> num;
StringMap fields;
for (u16 k = 0; k < num; k++) {
return;
}
- m_script->on_playerReceiveFields(playersao, formname, fields);
+ if (client_formspec_name.empty()) { // pass through inventory submits
+ m_script->on_playerReceiveFields(playersao, client_formspec_name, fields);
+ return;
+ }
+
+ // verify that we displayed the formspec to the user
+ const auto peer_state_iterator = m_formspec_state_data.find(pkt->getPeerId());
+ if (peer_state_iterator != m_formspec_state_data.end()) {
+ const std::string &server_formspec_name = peer_state_iterator->second;
+ if (client_formspec_name == server_formspec_name) {
+ m_script->on_playerReceiveFields(playersao, client_formspec_name, fields);
+ if (fields["quit"] == "true")
+ m_formspec_state_data.erase(peer_state_iterator);
+ return;
+ }
+ actionstream << "'" << player->getName()
+ << "' submitted formspec ('" << client_formspec_name
+ << "') but the name of the formspec doesn't match the"
+ " expected name ('" << server_formspec_name << "')";
+
+ } else {
+ actionstream << "'" << player->getName()
+ << "' submitted formspec ('" << client_formspec_name
+ << "') but server hasn't sent formspec to client";
+ }
+ actionstream << ", possible exploitation attempt" << std::endl;
}
void Server::handleCommand_FirstSrp(NetworkPacket* pkt)
NetworkPacket pkt(TOCLIENT_SHOW_FORMSPEC, 0 , peer_id);
if (formspec.empty()){
//the client should close the formspec
+ m_formspec_state_data.erase(peer_id);
pkt.putLongString("");
} else {
+ m_formspec_state_data[peer_id] = formname;
pkt.putLongString(FORMSPEC_VERSION_STRING + formspec);
}
pkt << formname;
++i;
}
+ // clear formspec info so the next client can't abuse the current state
+ m_formspec_state_data.erase(peer_id);
+
RemotePlayer *player = m_env->getPlayer(peer_id);
/* Run scripts and remove from environment */