From 02da4adf9ae6b477376bb27a092feec06a3f2b91 Mon Sep 17 00:00:00 2001
From: Nathanael Sensfelder
Date: Tue, 28 Nov 2017 22:19:38 +0100
Subject: Fixes timed caches. Allowing a refresh of the timer opened the door to exploits.
---
 src/query/load_state.erl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'src/query/load_state.erl')
diff --git a/src/query/load_state.erl b/src/query/load_state.erl
index 1ffbbf8..9c28d2f 100644
--- a/src/query/load_state.erl
+++ b/src/query/load_state.erl
@@ -26,10 +26,12 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 parse_input (Req) ->
 JSONReqMap = jiffy:decode(Req, [return_maps]),
+ PlayerID = maps:get(<<"player_id">>, JSONReqMap),
+ SessionToken = maps:get(<<"session_token">>, JSONReqMap),
+ database_shim:assert_session_is_valid(PlayerID, SessionToken),
 #input
 {
- session_token = maps:get(<<"session_token">>, JSONReqMap),
- player_id = maps:get(<<"player_id">>, JSONReqMap),
+ player_id = PlayerID,
 battlemap_id = maps:get(<<"battlemap_id">>, JSONReqMap),
 instance_id = maps:get(<<"instance_id">>, JSONReqMap)
 }.
--
cgit v1.2.3-70-g09d2
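Review bot: The result of `database_shim:assert_session_is_valid(PlayerID, SessionToken)` in `parse_input` is discarded, so the session check only protects the request if that function raises on an invalid session; its definition is not in this hunk, so that should be confirmed. If it returns a value instead, match on it, e.g. `ok = database_shim:assert_session_is_valid(PlayerID, SessionToken),` (adjusted to its actual success term). Both arguments come straight from the decoded request body and may be any JSON type, so the shim should presumably reject non-binary values rather than pass them on to the lookup. A short comment such as `%% Authenticates before any state is loaded; crashes on an invalid session.` would make the side effect visible in a function named as a parser. The `#input` record definition is outside the hunk; if it still declares `session_token`, that field is now always `undefined`.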