mirror of
https://github.com/openfrontio/OpenFrontIO.git
synced 2026-07-17 07:30:05 +00:00
fix execution validation, verify that clientID own playerID to prevent spoofing
This commit is contained in:
@@ -19,6 +19,21 @@ export class AllianceRequestExecution implements Execution {
|
||||
) {}
|
||||
|
||||
init(mg: Game, ticks: number): void {
|
||||
if (!mg.hasPlayer(this.requestorID)) {
|
||||
console.warn(
|
||||
`AllianceRequestExecution requester ${this.requestorID} not found`,
|
||||
);
|
||||
this.active = false;
|
||||
return;
|
||||
}
|
||||
if (!mg.hasPlayer(this.recipientID)) {
|
||||
console.warn(
|
||||
`AllianceRequestExecution recipient ${this.recipientID} not found`,
|
||||
);
|
||||
this.active = false;
|
||||
return;
|
||||
}
|
||||
|
||||
this.mg = mg;
|
||||
this.requestor = mg.player(this.requestorID);
|
||||
this.recipient = mg.player(this.recipientID);
|
||||
|
||||
Reference in New Issue
Block a user