Originally posted by [b]Jobbie[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=3301
As I have seen that many of gm's of various private server using eAthena was exploiting the @statall command. When I try to look at the code,
I found that the check for the inputting of a value for the command was based to
SHRT_MAX if the input is greater than the max_paramater and this will cause exploiting to a higher value of stats.
From the code:
CODE
if (!message || !*message || sscanf(message, "%d", &value) < 1 || value == 0) {
value = pc_maxparameter(sd);
max = pc_maxparameter(sd);
} else {
max = SHRT_MAX;
}
So meaning if the value was inputted higher than the max parameter as I mentioned above will cause to make the stats higher than to it.
Then if using only a command @statall and not inputting a value then the max parameter will be used.
So I conclude this to avoid minor exploit to a server by GM's is to try to change in 'else statement' part the 'max' equivalent or removing the else statement.
A fix without removing the else statement:
CODE
if (!message || !*message || sscanf(message, "%d", &value) < 1 || value == 0) {
value = pc_maxparameter(sd);
max = pc_maxparameter(sd);
} else {
max = pc_maxparameter(sd);
}
The code was tested and it works fine.. Hoping for feedback.