Fix score uploading exploit

Slendy 2022-11-05 22:37:16 -05:00
parent 84e2914e40
commit b0d780b91e
No known key found for this signature in database
GPG key ID: 7288D68361B91428


@ -4,6 +4,7 @@ using System.Xml.Serialization;
using LBPUnion.ProjectLighthouse.Helpers;
using LBPUnion.ProjectLighthouse.Levels;
using LBPUnion.ProjectLighthouse.Logging;
using LBPUnion.ProjectLighthouse.Match.MatchCommands;
using LBPUnion.ProjectLighthouse.PlayerData;
using LBPUnion.ProjectLighthouse.PlayerData.Profiles;
using LBPUnion.ProjectLighthouse.Serialization;
@ -74,6 +75,13 @@ public class ScoreController : ControllerBase
return this.BadRequest();
}
if (!score.PlayerIds.Contains(username))
{
Logger.Warn("Rejecting score upload, requester username is not present in playerIds" +
$" (user={username}, playerIds={string.Join(",", score.PlayerIds)}", LogArea.Score);
return this.BadRequest();
}
SanitizationHelper.SanitizeStringsInClass(score);
if (slotType == "developer") id = await SlotHelper.GetPlaceholderSlotId(this.database, id, SlotType.Developer);
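Review bot: The new `Logger.Warn` call writes the request-supplied `score.PlayerIds` into the log before `SanitizationHelper.SanitizeStringsInClass(score)` has run, so whatever the client put in those ids reaches the log verbatim. If `Logger` does not neutralise line breaks and control characters (not visible here), a crafted id could forge or split log entries; consider logging only the requester and the id count, or stripping control characters from the joined value first. The message also never closes its parenthesis; the second line should end `playerIds={string.Join(",", score.PlayerIds)})", LogArea.Score);`. Separately, the guard only proves the requester is one of the listed players, and it dereferences `score.PlayerIds` without a visible null check, so it is worth confirming that an earlier validation rejects a missing list and that the other ids in it are checked somewhere. The enclosing action method starts and ends outside this hunk.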