Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: prevent item dupe exploit on item swap #573

Merged
merged 6 commits into from
Sep 7, 2024

Conversation

Qwerty1Verified
Copy link
Contributor

@Qwerty1Verified Qwerty1Verified commented Sep 6, 2024

Description

This PR fixes a duplication exploit and stops the front-end from sending a custom item transfer amount when two items that aren't the same are being swapped. This amount is unneeded for this action since the two items can't be stacked by any amount and need to completely swap if they're two different items.

This PR also updates the server-side of this request by not using the amounts provided by the front-end for swapping, and instead using the back-end .amount values known to the inventory. This is because for completely swapping two items, the full amounts for both items should be swapped, and no values from the client should be trusted unless performing an item name check on that slot after removal.

This could also be fixed across the board with other changes and validation to some exports.

This PR addresses the duplication exploit issues: #569, #563

Checklist

  • I have personally loaded this code into an updated qbcore project and checked all of its functionality.
  • My code fits the style guidelines.
  • My PR fits the contribution guidelines.

@Qwerty1Verified
Copy link
Contributor Author

Qwerty1Verified commented Sep 6, 2024

New commit addresses another bug with the UI on give item displaying the item being removed despite no one being around. This is issue: #567

@Qwerty1Verified
Copy link
Contributor Author

Qwerty1Verified commented Sep 7, 2024

Also addresses the duplication and UI issue #563

@GhzGarage GhzGarage merged commit f31e85a into qbcore-framework:main Sep 7, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants