From e1fbaaf4908a8247763f15e2c1abf96bc5a7a42e Mon Sep 17 00:00:00 2001 From: Joel Date: Fri, 6 Sep 2024 16:25:05 -0700 Subject: [PATCH 1/4] fix(ui): prevent irrelevant amount sending on swap --- html/app.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/app.js b/html/app.js index ff00bea84..da8940f16 100644 --- a/html/app.js +++ b/html/app.js @@ -482,7 +482,7 @@ const InventoryContainer = Vue.createApp({ targetInventory[targetSlotNumber] = sourceItem; sourceInventory[this.currentlyDraggingSlot].slot = this.currentlyDraggingSlot; targetInventory[targetSlotNumber].slot = targetSlotNumber; - this.postInventoryData(this.dragStartInventoryType, targetInventoryType, this.currentlyDraggingSlot, targetSlotNumber, amountToTransfer, targetItem.amount); + this.postInventoryData(this.dragStartInventoryType, targetInventoryType, this.currentlyDraggingSlot, targetSlotNumber, sourceItem.amount, targetItem.amount); } } else { sourceItem.amount -= amountToTransfer; From c543e8c499940b518d0ab2b1a867c0148a874645 Mon Sep 17 00:00:00 2001 From: Joel Date: Fri, 6 Sep 2024 16:29:12 -0700 Subject: [PATCH 2/4] fix: prevent item dupe exploit on item swap --- server/main.lua | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/server/main.lua b/server/main.lua index e613fd3c6..3bfa405f1 100644 --- a/server/main.lua +++ b/server/main.lua @@ -495,9 +495,12 @@ RegisterNetEvent('qb-inventory:server:SetInventoryData', function(fromInventory, end else if toItem then - if RemoveItem(fromId, fromItem.name, fromAmount, fromSlot, 'swapped item') and RemoveItem(toId, toItem.name, toAmount, toSlot, 'swapped item') then - AddItem(toId, fromItem.name, fromAmount, toSlot, fromItem.info, 'swapped item') - AddItem(fromId, toItem.name, toAmount, fromSlot, toItem.info, 'swapped item') + local fromItemAmount = fromItem.amount + local toItemAmount = toItem.amount + + if RemoveItem(fromId, fromItem.name, fromItemAmount, fromSlot, 'swapped item') and RemoveItem(toId, toItem.name, toItemAmount, toSlot, 'swapped item') then + AddItem(toId, fromItem.name, fromItemAmount, toSlot, fromItem.info, 'swapped item') + AddItem(fromId, toItem.name, toItemAmount, fromSlot, toItem.info, 'swapped item') end else if RemoveItem(fromId, fromItem.name, toAmount, fromSlot, 'moved item') then From c5a7c91de4af84048d2642a87a628e088bac6c91 Mon Sep 17 00:00:00 2001 From: Joel Date: Fri, 6 Sep 2024 16:56:23 -0700 Subject: [PATCH 3/4] fix(ui): prevent give item if no one around --- html/app.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/html/app.js b/html/app.js index da8940f16..a11f4b530 100644 --- a/html/app.js +++ b/html/app.js @@ -698,12 +698,14 @@ const InventoryContainer = Vue.createApp({ } try { - await axios.post("https://qb-inventory/GiveItem", { + const response = await axios.post("https://qb-inventory/GiveItem", { item: selectedItem, amount: amountToGive, slot: selectedItem.slot, info: selectedItem.info, }); + if (!response.data) return; + this.playerInventory[selectedItem.slot].amount -= amountToGive; if (this.playerInventory[selectedItem.slot].amount === 0) { delete this.playerInventory[selectedItem.slot]; From fc9f32b4f3dfd75ff231fab711b08a1cc6eeb558 Mon Sep 17 00:00:00 2001 From: Joel Date: Fri, 6 Sep 2024 17:25:25 -0700 Subject: [PATCH 4/4] fix(ui): update player inventory on item drop --- html/app.js | 1 + 1 file changed, 1 insertion(+) diff --git a/html/app.js b/html/app.js index a11f4b530..55d8585e4 100644 --- a/html/app.js +++ b/html/app.js @@ -589,6 +589,7 @@ const InventoryContainer = Vue.createApp({ }); if (response.data) { + delete this.playerInventory[playerItemKey]; this.otherInventory[1] = newItem; this.otherInventoryName = response.data; this.otherInventoryLabel = response.data;