I've get report about bug in logic of Gesior2012 acc. maker. I've tested MyAAC and there is same bug.
Some guy is going from server to server, abuse that bug and asks for ~15$ for fix.
What is it?
Guild owner can move players from other guilds to his own by changing their 'rank'.
By abusing this bug, he can destroy wars. He can move all players from other guild, including owner of guild, which makes guild members list empty.
Why? I want all OTS owners to update their website at same time. Before some idiots start to abuse it to destroy OTSes.
If you know any OTS owner, give him link to this thread.
If I will find bug description on any forum before that date. I will release fix immediately.
'Watch' this thread, if you don't want to miss early fix release.
Can someone hack OTS files? No.
Can someone hack OTS database? No.
Can someone get access to admin/GM account? No.
Can someone destroy game/waste time of some players? Yes.
I've contacted slawkens. He cannot be online at that date, so I will release fixes for Gesior2012 and MyAAC.
FIX
Gesior2012
Edit
Replace with:
MyAAC
Edit
Replace with:
Some guy is going from server to server, abuse that bug and asks for ~15$ for fix.
What is it?
Guild owner can move players from other guilds to his own by changing their 'rank'.
By abusing this bug, he can destroy wars. He can move all players from other guild, including owner of guild, which makes guild members list empty.
Why? I want all OTS owners to update their website at same time. Before some idiots start to abuse it to destroy OTSes.
If you know any OTS owner, give him link to this thread.
If I will find bug description on any forum before that date. I will release fix immediately.
'Watch' this thread, if you don't want to miss early fix release.
Can someone hack OTS files? No.
Can someone hack OTS database? No.
Can someone get access to admin/GM account? No.
Can someone destroy game/waste time of some players? Yes.
I've contacted slawkens. He cannot be online at that date, so I will release fixes for Gesior2012 and MyAAC.
FIX
Gesior2012
Edit
pages/guilds.php
. Find ( Gesior2012/guilds.php at master · gesior/Gesior2012 (https://github.com/gesior/Gesior2012/blob/master/pages/guilds.php#L343) ):
PHP:
if($guild->getName() == $player_to_change->getRank()->getGuild()->getName() || $guild_leader)
PHP:
if($guild->getName() == $player_to_change->getRank()->getGuild()->getName())
MyAAC
Edit
system/pages/guilds/change_rank.php
. Find ( myaac/change_rank.php at master · otsoft/myaac (https://github.com/otsoft/myaac/blob/master/system/pages/guilds/change_rank.php#L89) ):
PHP:
if($guild->getName() === $player_to_change->getRank()->getGuild()->getName() || $guild_leader)
PHP:
if($guild->getName() === $player_to_change->getRank()->getGuild()->getName())
Last edited: