From efcab418f171862c978c097d3e856b28e87712c9 Mon Sep 17 00:00:00 2001
From: "Jill \"oatmealine\" Monoids" <oatmealine@disroot.org>
Date: Tue, 23 May 2023 08:17:30 +0300
Subject: [PATCH] emergency ACE fix patch

i've been told it's caused by pickup triggers using groups above 1,000, so all levels using groups above 1,100 and colors above 1,100 are instantly rejected

in the future it may be worth to abstract this into a level check function, runnable via command-line
---
 src/endpoints/levels/uploadLevel.cr | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/src/endpoints/levels/uploadLevel.cr b/src/endpoints/levels/uploadLevel.cr
index 044e074..4ad72e7 100644
--- a/src/endpoints/levels/uploadLevel.cr
+++ b/src/endpoints/levels/uploadLevel.cr
@@ -66,16 +66,16 @@ CrystalGauntlet.endpoints["/uploadGJLevel21.php"] = ->(context : HTTP::Server::C
     if forbidden_obj = level_objects.find do |obj|
       if !obj.has_key?("1")
         false
+      end
+
+      id = obj["1"].to_i
+      if allowed_objects.size > 0
+        if !allowed_objects.includes?(id)
+          true
+        end
       else
-        id = obj["1"].to_i
-        if allowed_objects.size > 0
-          if !allowed_objects.includes?(id)
-            true
-          end
-        else
-          if forbidden_objects.includes?(id)
-            true
-          end
+        if forbidden_objects.includes?(id)
+          true
         end
       end
     end
@@ -83,6 +83,16 @@ CrystalGauntlet.endpoints["/uploadGJLevel21.php"] = ->(context : HTTP::Server::C
       return "-1"
     end
 
+    if exploit_obj = level_objects.find do |obj|
+      # target color ID
+      (obj.has_key?("23") && obj["23"].to_i < 0 || obj["23"].to_i > 1100) ||
+      # target group ID
+      (obj.has_key?("51") && obj["51"].to_i < 0 || obj["51"].to_i > 1100)
+    end
+      LOG.info { "preventing upload of level attempting to exploit invalid color/group IDs" }
+      return "-1"
+    end
+
     coins = level_objects.count { |obj| obj["1"]? == "1329" } # user coin id
 
     # todo: check if dual portals even exist?