diff --git a/Emulator/src/main/java/com/eu/habbo/habbohotel/guilds/forums/ForumThread.java b/Emulator/src/main/java/com/eu/habbo/habbohotel/guilds/forums/ForumThread.java index a82a2d01..f7d9a65e 100644 --- a/Emulator/src/main/java/com/eu/habbo/habbohotel/guilds/forums/ForumThread.java +++ b/Emulator/src/main/java/com/eu/habbo/habbohotel/guilds/forums/ForumThread.java @@ -135,16 +135,10 @@ public class ForumThread implements Runnable, ISerialize { try (Connection connection = Emulator.getDatabase().getDataSource().getConnection(); PreparedStatement statement = connection.prepareStatement("SELECT A.*, B.`id` AS `last_comment_id` " + "FROM guilds_forums_threads A " + - "JOIN (" + - "SELECT * " + + "LEFT JOIN (" + + "SELECT `thread_id`, MAX(`id`) AS `id`, MAX(`created_at`) AS `created_at` " + "FROM `guilds_forums_comments` " + - "WHERE `id` IN (" + - "SELECT MAX(id) " + - "FROM `guilds_forums_comments` B " + - "GROUP BY `thread_id` AND B.`id` " + - "ORDER BY B.`id` " + - ") " + - "ORDER BY `id` DESC " + + "GROUP BY `thread_id`" + ") B ON A.`id` = B.`thread_id` " + "WHERE A.`guild_id` = ? " + "ORDER BY A.`pinned` DESC, B.`created_at` DESC " @@ -176,16 +170,10 @@ public class ForumThread implements Runnable, ISerialize { try (Connection connection = Emulator.getDatabase().getDataSource().getConnection(); PreparedStatement statement = connection.prepareStatement( "SELECT A.*, B.`id` AS `last_comment_id` " + "FROM guilds_forums_threads A " + - "JOIN (" + - "SELECT * " + + "LEFT JOIN (" + + "SELECT `thread_id`, MAX(`id`) AS `id`, MAX(`created_at`) AS `created_at` " + "FROM `guilds_forums_comments` " + - "WHERE `id` IN (" + - "SELECT MAX(id) " + - "FROM `guilds_forums_comments` B " + - "GROUP BY `thread_id` AND b.`id`" + - "ORDER BY B.`id` " + - ") " + - "ORDER BY `id` DESC " + + "GROUP BY `thread_id`" + ") B ON A.`id` = B.`thread_id` " + "WHERE A.`id` = ? " + "ORDER BY A.`pinned` DESC, B.`created_at` DESC " + diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumModerateMessageEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumModerateMessageEvent.java index bb4d87eb..6851d0fd 100644 --- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumModerateMessageEvent.java +++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumModerateMessageEvent.java @@ -36,6 +36,11 @@ public class GuildForumModerateMessageEvent extends MessageHandler { return; } + if (thread.getGuildId() != guildId) { + this.client.sendResponse(new ConnectionErrorComposer(403)); + return; + } + ForumThreadComment comment = thread.getCommentById(messageId); if (comment == null) { this.client.sendResponse(new ConnectionErrorComposer(404)); @@ -45,19 +50,20 @@ public class GuildForumModerateMessageEvent extends MessageHandler { boolean hasStaffPermissions = this.client.getHabbo().hasPermission(Permission.ACC_MODTOOL_TICKET_Q); GuildMember member = Emulator.getGameEnvironment().getGuildManager().getGuildMember(guildId, this.client.getHabbo().getHabboInfo().getId()); - if (member == null) { + if (member == null && !hasStaffPermissions) { this.client.sendResponse(new ConnectionErrorComposer(401)); return; } - boolean isGuildAdministrator = (guild.getOwnerId() == this.client.getHabbo().getHabboInfo().getId() || member.getRank().equals(GuildRank.ADMIN)); + boolean isGuildAdministrator = (guild.getOwnerId() == this.client.getHabbo().getHabboInfo().getId() || (member != null && member.getRank().equals(GuildRank.ADMIN))); if (!isGuildAdministrator && !hasStaffPermissions) { this.client.sendResponse(new ConnectionErrorComposer(403)); return; } - if (state == ForumThreadState.HIDDEN_BY_GUILD_ADMIN.getStateId() && !hasStaffPermissions) { + // Restrict state 20 (staff hidden) to staff only + if (state == 20 && !hasStaffPermissions) { this.client.sendResponse(new ConnectionErrorComposer(403)); return; } diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumModerateThreadEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumModerateThreadEvent.java index 95a972fa..653a8806 100644 --- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumModerateThreadEvent.java +++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumModerateThreadEvent.java @@ -37,6 +37,11 @@ public class GuildForumModerateThreadEvent extends MessageHandler { return; } + if (thread.getGuildId() != guildId) { + this.client.sendResponse(new ConnectionErrorComposer(403)); + return; + } + GuildMember member = Emulator.getGameEnvironment().getGuildManager().getGuildMember(guildId, this.client.getHabbo().getHabboInfo().getId()); boolean hasStaffPerms = this.client.getHabbo().hasPermission(Permission.ACC_MODTOOL_TICKET_Q); @@ -52,6 +57,12 @@ public class GuildForumModerateThreadEvent extends MessageHandler { return; } + // Restrict state 20 (staff hidden) to staff only + if (state == 20 && !hasStaffPerms) { + this.client.sendResponse(new ConnectionErrorComposer(403)); + return; + } + thread.setState(ForumThreadState.fromValue(state)); // sets state as defined in the packet thread.run(); diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumPostThreadEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumPostThreadEvent.java index a1730c3b..b6415a71 100644 --- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumPostThreadEvent.java +++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumPostThreadEvent.java @@ -74,6 +74,15 @@ public class GuildForumPostThreadEvent extends MessageHandler { return; } + if (thread.getGuildId() != guildId) { + this.client.sendResponse(new ConnectionErrorComposer(403)); + return; + } + + if (thread.isLocked() && !isStaff) { + this.client.sendResponse(new ConnectionErrorComposer(403)); + return; + } if (!((guild.canPostMessages().state == 0) || (guild.canPostMessages().state == 1 && member != null) diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumThreadsEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumThreadsEvent.java index 009a2cee..7d3f5b91 100644 --- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumThreadsEvent.java +++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumThreadsEvent.java @@ -2,6 +2,9 @@ package com.eu.habbo.messages.incoming.guilds.forums; import com.eu.habbo.Emulator; import com.eu.habbo.habbohotel.guilds.Guild; +import com.eu.habbo.habbohotel.guilds.GuildMember; +import com.eu.habbo.habbohotel.guilds.SettingsState; +import com.eu.habbo.habbohotel.permissions.Permission; import com.eu.habbo.messages.incoming.MessageHandler; import com.eu.habbo.messages.outgoing.guilds.forums.GuildForumDataComposer; import com.eu.habbo.messages.outgoing.guilds.forums.GuildForumThreadsComposer; @@ -25,6 +28,20 @@ public class GuildForumThreadsEvent extends MessageHandler { return; } + // Enforce read permissions + boolean isStaff = this.client.getHabbo().hasPermission(Permission.ACC_MODTOOL_TICKET_Q); + if (!isStaff && guild.canReadForum() != SettingsState.EVERYONE) { + GuildMember member = Emulator.getGameEnvironment().getGuildManager().getGuildMember(guildId, this.client.getHabbo().getHabboInfo().getId()); + if (guild.canReadForum() == SettingsState.MEMBERS && member == null) { + this.client.sendResponse(new ConnectionErrorComposer(403)); + return; + } + if (guild.canReadForum() == SettingsState.ADMINS && (member == null || member.getRank().type >= com.eu.habbo.habbohotel.guilds.GuildRank.MEMBER.type)) { + this.client.sendResponse(new ConnectionErrorComposer(403)); + return; + } + } + this.client.sendResponse(new GuildForumDataComposer(guild, this.client.getHabbo())); this.client.sendResponse(new GuildForumThreadsComposer(guild, index)); } diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumThreadsMessagesEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumThreadsMessagesEvent.java index 3fd6a50c..ea6b7c46 100644 --- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumThreadsMessagesEvent.java +++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumThreadsMessagesEvent.java @@ -4,6 +4,7 @@ import com.eu.habbo.Emulator; import com.eu.habbo.habbohotel.guilds.Guild; import com.eu.habbo.habbohotel.guilds.GuildMember; import com.eu.habbo.habbohotel.guilds.GuildRank; +import com.eu.habbo.habbohotel.guilds.SettingsState; import com.eu.habbo.habbohotel.guilds.forums.ForumThread; import com.eu.habbo.habbohotel.guilds.forums.ForumThreadState; import com.eu.habbo.habbohotel.permissions.Permission; @@ -37,9 +38,28 @@ public class GuildForumThreadsMessagesEvent extends MessageHandler { this.client.sendResponse(new ConnectionErrorComposer(404)); return; } + + // Verify thread belongs to the requested guild + if (thread.getGuildId() != guildId) { + this.client.sendResponse(new ConnectionErrorComposer(403)); + return; + } + GuildMember member = Emulator.getGameEnvironment().getGuildManager().getGuildMember(guildId, this.client.getHabbo().getHabboInfo().getId()); boolean isGuildAdministrator = (guild.getOwnerId() == this.client.getHabbo().getHabboInfo().getId() || (member != null && member.getRank().equals(GuildRank.ADMIN))); + // Enforce read permissions + if (!hasStaffPermissions && guild.canReadForum() != SettingsState.EVERYONE) { + if (guild.canReadForum() == SettingsState.MEMBERS && member == null) { + this.client.sendResponse(new ConnectionErrorComposer(403)); + return; + } + if (guild.canReadForum() == SettingsState.ADMINS && !isGuildAdministrator) { + this.client.sendResponse(new ConnectionErrorComposer(403)); + return; + } + } + if (thread.getState() != ForumThreadState.HIDDEN_BY_GUILD_ADMIN || hasStaffPermissions || isGuildAdministrator) { this.client.sendResponse(new GuildForumCommentsComposer(guildId, threadId, index, thread.getComments(limit, index))); this.client.sendResponse(new GuildForumDataComposer(guild, this.client.getHabbo()));