Issue Information
-
#004629
-
1 - Low
-
Fixed
Issue Confirmations
-
Yes (0)No (0)
0
Originally posted by Ai4rei
http://www.eathena.w...er&showbug=4629
In the beginning adding friends was one-sided and without confirmation. In r1602 the confirmation mechanism was introduced, which required the player being added to agree to the process. Due to the fact, that the server does not track of the state, whether or not an invitation has been sent, this allows adding oneself into others' friend list without their consent by sending clif_parse_FriendsListReply packet through 3rd-party means such as WPE.
Possible solution would be to track of the char_id of last sent invitation and accepting only reply from this char_id.
8769
This post has been edited by Ai4rei: Dec 9 2010, 05:33 AM
http://www.eathena.w...er&showbug=4629
In the beginning adding friends was one-sided and without confirmation. In r1602 the confirmation mechanism was introduced, which required the player being added to agree to the process. Due to the fact, that the server does not track of the state, whether or not an invitation has been sent, this allows adding oneself into others' friend list without their consent by sending clif_parse_FriendsListReply packet through 3rd-party means such as WPE.
Possible solution would be to track of the char_id of last sent invitation and accepting only reply from this char_id.
This post has been edited by Ai4rei: Dec 9 2010, 05:33 AM
