Hercules Elf Bot - Jul 8, 2008 5:31
Originally posted by [b]RedXIII[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=1814
NPC-Shop lacks basic pc_cant_act() or shop status flags and can possibly open up an exploit.
Being in an npc's shop window doesn't lock movement server side; while the lock for act is blocked client side only. This is universal with any shop. You can click on a kafra and open a tool-dealer, you can click a tool-dealer and open a kafra.
Also the current code doesn't check range for floating shops since floating shops are an invisible class the player automatically passes the npc_checknear() function. This can lead to a possible exploit where a player can open up a shop to sell/buy with ANY floating shop. This can cause a big hacking problem if you're a server that has something like GM-Equipment for sale in a floating shop or a big zeny exploit problem for a server that offers discounted items for non-merchant items if their class doesn't have the discount skill.
Setting status flags to track buy-sell windows should be sufficient to fix both problems.
Hercules Elf Bot - Jan 14, 2012 9:07
Originally posted by [b]Ind[/b]
was fixed in a previous rA revision