Mirrored_Repos/houdini
1
0
Fork 0
mirror of https://github.com/solero/houdini.git synced 2026-01-03 10:22:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Resolve negative donation vulnerability (#110)

Browse Source 
Previously, penguins could donate a negative amount of coins to arbitrarily add coins to their balance.
This commit is contained in:
Eric Medina
2025-12-30 22:06:03 -06:00
committed by GitHub
parent 59641d9d30
commit e05654f021
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
houdini/handlers/play/survey.py
View File

@@ -1,10 +1,12 @@
from houdini import handlers from houdini import handlers
from houdini.data.penguin import CfcDonation from houdini.data.penguin import CfcDonation
from houdini.handlers import XTPacket from houdini.handlers import XTPacket
from houdini.handlers.play.moderation import cheat_ban
@handlers.handler(XTPacket('e', 'dc')) @handlers.handler(XTPacket('e', 'dc'))
async def handle_donate_to_charity(p, charity: int, coins: int): async def handle_donate_to_charity(p, charity: int, coins: int):
if coins <= 0:
return await cheat_ban(p, p.id, comment="Negative charity donation")
if p.coins >= coins and 0 <= charity <= 4: if p.coins >= coins and 0 <= charity <= 4:
await p.update(coins=p.coins-coins).apply() await p.update(coins=p.coins-coins).apply()
await CfcDonation.create(penguin_id=p.id, coins=coins, charity=charity) await CfcDonation.create(penguin_id=p.id, coins=coins, charity=charity)