emergency ACE fix patch
i've been told it's caused by pickup triggers using groups above 1,000, so all levels using groups above 1,100 and colors above 1,100 are instantly rejected in the future it may be worth to abstract this into a level check function, runnable via command-line
This commit is contained in:
parent
286a2eb9a8
commit
efcab418f1
|
@ -66,16 +66,16 @@ CrystalGauntlet.endpoints["/uploadGJLevel21.php"] = ->(context : HTTP::Server::C
|
|||
if forbidden_obj = level_objects.find do |obj|
|
||||
if !obj.has_key?("1")
|
||||
false
|
||||
end
|
||||
|
||||
id = obj["1"].to_i
|
||||
if allowed_objects.size > 0
|
||||
if !allowed_objects.includes?(id)
|
||||
true
|
||||
end
|
||||
else
|
||||
id = obj["1"].to_i
|
||||
if allowed_objects.size > 0
|
||||
if !allowed_objects.includes?(id)
|
||||
true
|
||||
end
|
||||
else
|
||||
if forbidden_objects.includes?(id)
|
||||
true
|
||||
end
|
||||
if forbidden_objects.includes?(id)
|
||||
true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -83,6 +83,16 @@ CrystalGauntlet.endpoints["/uploadGJLevel21.php"] = ->(context : HTTP::Server::C
|
|||
return "-1"
|
||||
end
|
||||
|
||||
if exploit_obj = level_objects.find do |obj|
|
||||
# target color ID
|
||||
(obj.has_key?("23") && obj["23"].to_i < 0 || obj["23"].to_i > 1100) ||
|
||||
# target group ID
|
||||
(obj.has_key?("51") && obj["51"].to_i < 0 || obj["51"].to_i > 1100)
|
||||
end
|
||||
LOG.info { "preventing upload of level attempting to exploit invalid color/group IDs" }
|
||||
return "-1"
|
||||
end
|
||||
|
||||
coins = level_objects.count { |obj| obj["1"]? == "1329" } # user coin id
|
||||
|
||||
# todo: check if dual portals even exist?
|
||||
|
|
Loading…
Reference in New Issue