mirror of
https://github.com/Mezeporta/Erupe.git
synced 2025-12-15 08:25:09 +01:00
prevent reading past message board packet
This commit is contained in:
wish
@@ -2,6 +2,7 @@ package mhfpacket
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
|
"erupe-ce/common/stringsupport"
|
||||||
|
|
||||||
"erupe-ce/common/byteframe"
|
"erupe-ce/common/byteframe"
|
||||||
"erupe-ce/network"
|
"erupe-ce/network"
|
||||||
@@ -12,7 +13,14 @@ import (
|
|||||||
type MsgMhfUpdateGuildMessageBoard struct {
|
type MsgMhfUpdateGuildMessageBoard struct {
|
||||||
AckHandle uint32
|
AckHandle uint32
|
||||||
MessageOp uint32
|
MessageOp uint32
|
||||||
Request []byte
|
PostType uint32
|
||||||
|
StampID uint32
|
||||||
|
TitleLength uint32
|
||||||
|
BodyLength uint32
|
||||||
|
Title string
|
||||||
|
Body string
|
||||||
|
PostID uint32
|
||||||
|
LikeState bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// Opcode returns the ID associated with this packet type.
|
// Opcode returns the ID associated with this packet type.
|
||||||
@@ -24,9 +32,31 @@ func (m *MsgMhfUpdateGuildMessageBoard) Opcode() network.PacketID {
|
|||||||
func (m *MsgMhfUpdateGuildMessageBoard) Parse(bf *byteframe.ByteFrame, ctx *clientctx.ClientContext) error {
|
func (m *MsgMhfUpdateGuildMessageBoard) Parse(bf *byteframe.ByteFrame, ctx *clientctx.ClientContext) error {
|
||||||
m.AckHandle = bf.ReadUint32()
|
m.AckHandle = bf.ReadUint32()
|
||||||
m.MessageOp = bf.ReadUint32()
|
m.MessageOp = bf.ReadUint32()
|
||||||
if m.MessageOp != 5 {
|
switch m.MessageOp {
|
||||||
m.Request = bf.DataFromCurrent()
|
case 0:
|
||||||
bf.Seek(int64(len(bf.Data())-2), 0)
|
m.PostType = bf.ReadUint32()
|
||||||
|
m.StampID = bf.ReadUint32()
|
||||||
|
m.TitleLength = bf.ReadUint32()
|
||||||
|
m.BodyLength = bf.ReadUint32()
|
||||||
|
m.Title = stringsupport.SJISToUTF8(bf.ReadBytes(uint(m.TitleLength)))
|
||||||
|
m.Body = stringsupport.SJISToUTF8(bf.ReadBytes(uint(m.BodyLength)))
|
||||||
|
case 1:
|
||||||
|
m.PostID = bf.ReadUint32()
|
||||||
|
case 2:
|
||||||
|
m.PostID = bf.ReadUint32()
|
||||||
|
bf.ReadBytes(8)
|
||||||
|
m.TitleLength = bf.ReadUint32()
|
||||||
|
m.BodyLength = bf.ReadUint32()
|
||||||
|
m.Title = stringsupport.SJISToUTF8(bf.ReadBytes(uint(m.TitleLength)))
|
||||||
|
m.Body = stringsupport.SJISToUTF8(bf.ReadBytes(uint(m.BodyLength)))
|
||||||
|
case 3:
|
||||||
|
m.PostID = bf.ReadUint32()
|
||||||
|
bf.ReadBytes(8)
|
||||||
|
m.StampID = bf.ReadUint32()
|
||||||
|
case 4:
|
||||||
|
m.PostID = bf.ReadUint32()
|
||||||
|
bf.ReadBytes(8)
|
||||||
|
m.LikeState = bf.ReadBool()
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1867,7 +1867,6 @@ func handleMsgMhfEnumerateGuildMessageBoard(s *Session, p mhfpacket.MHFPacket) {
|
|||||||
|
|
||||||
func handleMsgMhfUpdateGuildMessageBoard(s *Session, p mhfpacket.MHFPacket) {
|
func handleMsgMhfUpdateGuildMessageBoard(s *Session, p mhfpacket.MHFPacket) {
|
||||||
pkt := p.(*mhfpacket.MsgMhfUpdateGuildMessageBoard)
|
pkt := p.(*mhfpacket.MsgMhfUpdateGuildMessageBoard)
|
||||||
bf := byteframe.NewByteFrameFromBytes(pkt.Request)
|
|
||||||
guild, err := GetGuildInfoByCharacterId(s, s.charID)
|
guild, err := GetGuildInfoByCharacterId(s, s.charID)
|
||||||
applicant := false
|
applicant := false
|
||||||
if guild != nil {
|
if guild != nil {
|
||||||
@@ -1879,45 +1878,26 @@ func handleMsgMhfUpdateGuildMessageBoard(s *Session, p mhfpacket.MHFPacket) {
|
|||||||
}
|
}
|
||||||
switch pkt.MessageOp {
|
switch pkt.MessageOp {
|
||||||
case 0: // Create message
|
case 0: // Create message
|
||||||
postType := bf.ReadUint32() // 0 = message, 1 = news
|
s.server.db.Exec("INSERT INTO guild_posts (guild_id, author_id, stamp_id, post_type, title, body) VALUES ($1, $2, $3, $4, $5, $6)", guild.ID, s.charID, pkt.StampID, pkt.PostType, pkt.Title, pkt.Body)
|
||||||
stampID := bf.ReadUint32()
|
|
||||||
titleLength := bf.ReadUint32()
|
|
||||||
bodyLength := bf.ReadUint32()
|
|
||||||
title := stringsupport.SJISToUTF8(bf.ReadBytes(uint(titleLength)))
|
|
||||||
body := stringsupport.SJISToUTF8(bf.ReadBytes(uint(bodyLength)))
|
|
||||||
s.server.db.Exec("INSERT INTO guild_posts (guild_id, author_id, stamp_id, post_type, title, body) VALUES ($1, $2, $3, $4, $5, $6)", guild.ID, s.charID, stampID, postType, title, body)
|
|
||||||
// TODO: if there are too many messages, purge excess
|
// TODO: if there are too many messages, purge excess
|
||||||
case 1: // Delete message
|
case 1: // Delete message
|
||||||
postID := bf.ReadUint32()
|
s.server.db.Exec("DELETE FROM guild_posts WHERE id = $1", pkt.PostID)
|
||||||
s.server.db.Exec("DELETE FROM guild_posts WHERE id = $1", postID)
|
|
||||||
case 2: // Update message
|
case 2: // Update message
|
||||||
postID := bf.ReadUint32()
|
s.server.db.Exec("UPDATE guild_posts SET title = $1, body = $2 WHERE id = $3", pkt.Title, pkt.Body, pkt.PostID)
|
||||||
bf.ReadBytes(8)
|
|
||||||
titleLength := bf.ReadUint32()
|
|
||||||
bodyLength := bf.ReadUint32()
|
|
||||||
title := stringsupport.SJISToUTF8(bf.ReadBytes(uint(titleLength)))
|
|
||||||
body := stringsupport.SJISToUTF8(bf.ReadBytes(uint(bodyLength)))
|
|
||||||
s.server.db.Exec("UPDATE guild_posts SET title = $1, body = $2 WHERE id = $3", title, body, postID)
|
|
||||||
case 3: // Update stamp
|
case 3: // Update stamp
|
||||||
postID := bf.ReadUint32()
|
s.server.db.Exec("UPDATE guild_posts SET stamp_id = $1 WHERE id = $2", pkt.StampID, pkt.PostID)
|
||||||
bf.ReadBytes(8)
|
|
||||||
stampID := bf.ReadUint32()
|
|
||||||
s.server.db.Exec("UPDATE guild_posts SET stamp_id = $1 WHERE id = $2", stampID, postID)
|
|
||||||
case 4: // Like message
|
case 4: // Like message
|
||||||
postID := bf.ReadUint32()
|
|
||||||
bf.ReadBytes(8)
|
|
||||||
likeState := bf.ReadBool()
|
|
||||||
var likedBy string
|
var likedBy string
|
||||||
err := s.server.db.QueryRow("SELECT liked_by FROM guild_posts WHERE id = $1", postID).Scan(&likedBy)
|
err := s.server.db.QueryRow("SELECT liked_by FROM guild_posts WHERE id = $1", pkt.PostID).Scan(&likedBy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.logger.Error("Failed to get guild message like data from db", zap.Error(err))
|
s.logger.Error("Failed to get guild message like data from db", zap.Error(err))
|
||||||
} else {
|
} else {
|
||||||
if likeState {
|
if pkt.LikeState {
|
||||||
likedBy = stringsupport.CSVAdd(likedBy, int(s.charID))
|
likedBy = stringsupport.CSVAdd(likedBy, int(s.charID))
|
||||||
s.server.db.Exec("UPDATE guild_posts SET liked_by = $1 WHERE id = $2", likedBy, postID)
|
s.server.db.Exec("UPDATE guild_posts SET liked_by = $1 WHERE id = $2", likedBy, pkt.PostID)
|
||||||
} else {
|
} else {
|
||||||
likedBy = stringsupport.CSVRemove(likedBy, int(s.charID))
|
likedBy = stringsupport.CSVRemove(likedBy, int(s.charID))
|
||||||
s.server.db.Exec("UPDATE guild_posts SET liked_by = $1 WHERE id = $2", likedBy, postID)
|
s.server.db.Exec("UPDATE guild_posts SET liked_by = $1 WHERE id = $2", likedBy, pkt.PostID)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
case 5: // Check for new messages
|
case 5: // Check for new messages
|
||||||
|
|||||||
Reference in New Issue
Block a user