From 8e68ec18aa24689526a4fbda48fca5fbd5dd9123 Mon Sep 17 00:00:00 2001 From: nveid Date: Mon, 9 Apr 2007 07:03:50 +0000 Subject: [PATCH] Fixed permission problem in zwho and zmwho and wrote helpfiles. --- game/txt/changes/0.72p4 | 5 ++++- game/txt/hlp/cobra_func.hlp | 13 +++++++++++++ src/bsd.c | 9 ++++----- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/game/txt/changes/0.72p4 b/game/txt/changes/0.72p4 index 7d4d7ac..42387c1 100644 --- a/game/txt/changes/0.72p4 +++ b/game/txt/changes/0.72p4 @@ -8,6 +8,8 @@ CobraMUSH Version 0.72p4 Version 0.72p4 is a bugfix/maintenance release of version 0.72. It is the fourth bugfix/maintenance release in that series. + Helpfiles: + * Missing zwho/zmwho() helpfiles written. [RLB] Fixes: * Flags stored in the main database were not being loaded correctly. [RLB] * Parts of the RPMODE_SYS were not appropriately enclosed in ifdef @@ -18,4 +20,5 @@ CobraMUSH Version 0.72p4 * Fixed a bug related to uninitialized lastmod entries [AEJ] * Fixed SHS 64-bit incompatability, to allow password encryption to work properly on 64-bit platforms [AEJ] - + * zwho() and zmwho() were insecure and did not properely do permissions checks + on if the victim could actually see the people online or not. [RLB] diff --git a/game/txt/hlp/cobra_func.hlp b/game/txt/hlp/cobra_func.hlp index dbc52f2..6aafe9c 100644 --- a/game/txt/hlp/cobra_func.hlp +++ b/game/txt/hlp/cobra_func.hlp @@ -4631,3 +4631,16 @@ See also: lwho(), mwho(), nwho() function tries to change the zone on the object before reporting it. See also: ZONES +& ZWHO() +& ZMWHO() + zwho( [, ] ) + zmwho() + + These functions return the dbrefs of the players online in a particular + zone. Supplying viewer to zwho will show the players the supplied viewer + can actually see on by normally typing WHO. + + ZMwho() will show the minimal amount of players online that the lowliest + of mortals would actually be able to see. + + See also: lwho() diff --git a/src/bsd.c b/src/bsd.c index cf2efce..c904e1a 100644 --- a/src/bsd.c +++ b/src/bsd.c @@ -4122,7 +4122,7 @@ FUNCTION(fun_zwho) DESC *d; dbref zone, victim; int first; - int powered = (strcmp(called_as, "ZMWHO") && Priv_Who(executor) || (Inherit_Powers(executor) && Priv_Who(Owner(executor)))); + int powered = (strcmp(called_as, "ZMWHO") && Priv_Who(executor)); first = 1; zone = match_thing(executor, args[0]); @@ -4139,7 +4139,7 @@ FUNCTION(fun_zwho) return; } - if (!GoodObject(zone) || !(eval_lock(victim, zone, Zone_Lock) || CanModify(victim,zone))) { + if (!GoodObject(zone) || !(eval_lock(victim, zone, Zone_Lock) || CanSee(victim,zone))) { safe_str(T(e_perm), buff, bp); return; } @@ -4154,8 +4154,8 @@ FUNCTION(fun_zwho) powered = 0; DESC_ITER_CONN(d) { - if (!Hidden(d) || powered) { - if (Zone(Location(d->player)) == zone) { + if (Zone(Location(d->player)) == zone && + (!Hidden(d) || (powered && CanSee(victim, d->player))) ) { if (first) { first = 0; } else { @@ -4163,7 +4163,6 @@ FUNCTION(fun_zwho) } safe_dbref(d->player, buff, bp); } - } } } -- 2.30.2