Version 0.72p4 is a bugfix/maintenance release of version 0.72.
It is the fourth bugfix/maintenance release in that series.
+ Helpfiles:
+ * Missing zwho/zmwho() helpfiles written. [RLB]
Fixes:
* Flags stored in the main database were not being loaded correctly. [RLB]
* Parts of the RPMODE_SYS were not appropriately enclosed in ifdef
* Fixed a bug related to uninitialized lastmod entries [AEJ]
* Fixed SHS 64-bit incompatability, to allow password encryption
to work properly on 64-bit platforms [AEJ]
-
+ * zwho() and zmwho() were insecure and did not properely do permissions checks
+ on if the victim could actually see the people online or not. [RLB]
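Review bot: the new Fixes entry for zwho()/zmwho() says only that permission checks were missing, but the same patch also changes who counts as privileged and which zone check is applied, and neither is recorded here. Softcode that relied on the old behaviour will change silently on upgrade, so the entry should state that the `Inherit_Powers(executor) && Priv_Who(Owner(executor))` path no longer grants the privileged listing, and that the zone test now uses `CanSee` instead of `CanModify`. Minor: "properely" should be "properly", and "victim" here would read more clearly as "viewer", matching the helpfile's `<viewer>` argument.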
function tries to change the zone on the object before reporting it.
See also: ZONES
+& ZWHO()
+& ZMWHO()
+ zwho(<zone> [, <viewer> ] )
+ zmwho(<zone>)
+
+ These functions return the dbrefs of the players online in a particular
+ zone. Supplying viewer to zwho will show the players the supplied viewer
+ can actually see on by normally typing WHO.
+
+ ZMwho() will show the minimal amount of players online that the lowliest
+ of mortals would actually be able to see.
+
+ See also: lwho()
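Review bot: the ZWHO()/ZMWHO() help entry does not say who may pass `<viewer>`, what is returned when the zone check fails, or how hidden players are handled, and those are the points a softcoder needs from a helpfile written for a security fix. From the code in this patch, hidden connections are listed only when the executor passes `Priv_Who` and the function was not called as ZMWHO, and a failed zone check returns the permission error; the text should say so rather than "the minimal amount of players". Suggest also rewording "can actually see on by normally typing WHO" to "would see by typing WHO".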
DESC *d;
dbref zone, victim;
int first;
- int powered = (strcmp(called_as, "ZMWHO") && Priv_Who(executor) || (Inherit_Powers(executor) && Priv_Who(Owner(executor))));
+ int powered = (strcmp(called_as, "ZMWHO") && Priv_Who(executor));
first = 1;
zone = match_thing(executor, args[0]);
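Review bot: the new `powered` initializer drops the `Inherit_Powers(executor) && Priv_Who(Owner(executor))` clause with no comment saying whether removing inherited privilege is intended or only a side effect of fixing the grouping. In the removed line the `||` branch sat outside the `strcmp(called_as, "ZMWHO") &&` guard, so a call as ZMWHO could still come out powered through inheritance; if that was the bug, the inherited case could be kept inside the guard instead of deleted. Either way, add a one-line comment that ZMWHO is never powered, and write the test as `strcmp(called_as, "ZMWHO") != 0` so the intent does not depend on reading strcmp's return value as a boolean.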
return;
}
- if (!GoodObject(zone) || !(eval_lock(victim, zone, Zone_Lock) || CanModify(victim,zone))) {
+ if (!GoodObject(zone) || !(eval_lock(victim, zone, Zone_Lock) || CanSee(victim,zone))) {
safe_str(T(e_perm), buff, bp);
return;
}
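Review bot: swapping `CanModify(victim,zone)` for `CanSee(victim,zone)` in the zone check changes which callers get past the `e_perm` return, and for a patch described as tightening permissions the direction of that change needs to be justified. If `CanSee` is satisfied by more objects than `CanModify`, then a viewer who fails the Zone_Lock but can merely see the zone object can now enumerate its online players. Please confirm that is the intended rule and add a comment above the condition stating it; if the goal was only to stop requiring control of the zone, say that in the changelog entry as well.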
powered = 0;
DESC_ITER_CONN(d) {
- if (!Hidden(d) || powered) {
- if (Zone(Location(d->player)) == zone) {
+ if (Zone(Location(d->player)) == zone &&
+ (!Hidden(d) || (powered && CanSee(victim, d->player))) ) {
if (first) {
first = 0;
} else {
}
safe_dbref(d->player, buff, bp);
}
- }
}
}
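Review bot: in the merged condition `(!Hidden(d) || (powered && CanSee(victim, d->player)))`, the privilege comes from the executor (`powered` is derived from `Priv_Who(executor)`) while the visibility test is made for `victim`, and nothing in the hunk explains why the two subjects differ. The helpfile promises the players the viewer "can actually see on by normally typing WHO", so it is worth confirming that `CanSee` on the player object is the same predicate WHO uses to reveal hidden connections; if WHO uses a different test, the two will disagree and hidden players may be disclosed or omitted incorrectly. A shared helper used by both WHO and zwho() would keep them from drifting. Style: drop the stray space in `))) ) {` and re-indent the loop body now that the nested `if` is gone.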