duckietm/Arcturus-Morningstar-Extended
1
0
Fork 0
mirror of https://github.com/duckietm/Arcturus-Morningstar-Extended.git synced 2026-06-20 23:36:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(polls): scope answers to active room poll

Browse Source 
Require poll answer, cancel, and question-data packets to match the poll configured on the caller's current room. Previously a crafted packet could target any loaded poll id and submit the final question directly, including badge-reward polls, without being in a room where that poll was active.

Keep word quiz handling null-safe and add a contract test covering current-room poll scoping for all poll handlers.
This commit is contained in:
simoleo89
2026-06-13 17:37:58 +02:00
parent eb41e3afb9
commit 8e21765676
4 changed files with 54 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Emulator/src/test/java/com/eu/habbo/messages/incoming/polls/PollRoomScopeContractTest.java
+33
View File
@@ -0,0 +1,33 @@
package com.eu.habbo.messages.incoming.polls;
import org.junit.jupiter.api.Test;
import java.nio.file.Files;
import java.nio.file.Path;
import static org.junit.jupiter.api.Assertions.assertTrue;
class PollRoomScopeContractTest {
@Test
void pollHandlersRequireMatchingCurrentRoomPoll() throws Exception {
assertRequiresMatchingRoomPoll("AnswerPollEvent.java");
assertRequiresMatchingRoomPoll("CancelPollEvent.java");
assertRequiresMatchingRoomPoll("GetPollDataEvent.java");
}
private void assertRequiresMatchingRoomPoll(String fileName) throws Exception {
String source = Files.readString(Path.of("src/main/java/com/eu/habbo/messages/incoming/polls/" + fileName));
int packetPollId = source.indexOf("int pollId = this.packet.readInt();");
int pollLookup = source.indexOf("getPoll(pollId)");
assertTrue(packetPollId >= 0, fileName + " must read the poll id from the packet");
assertTrue(pollLookup >= 0, fileName + " must look up the requested poll explicitly");
String guardedSection = source.substring(packetPollId, pollLookup);
assertTrue(guardedSection.contains("getCurrentRoom()"),
fileName + " must bind poll actions to the caller's current room");
assertTrue(guardedSection.contains("room == null || room.getPollId() != pollId"),
fileName + " must reject poll ids that are not active in the current room");
}
}