From eb41e3afb90abae4a125c9e164c184b938201d4f Mon Sep 17 00:00:00 2001
From: simoleo89 <simoleo89@gmail.com>
Date: Sat, 13 Jun 2026 17:20:01 +0200
Subject: [PATCH] fix(rooms): scope self moderation to current room

Reject client-supplied room ids for self-moderation packets unless they match the caller's current room. This prevents users with saved rights or ownership in another room from muting, banning, or unbanning users remotely via crafted packets.

RoomUserBanEvent now also ignores invalid ban type values instead of letting valueOf throw through the message handler.

Add a contract test covering ban, mute, and unban current-room scoping.
---
 .../rooms/users/RoomUserBanEvent.java         | 17 +++++++++++--
 .../rooms/users/RoomUserMuteEvent.java        | 19 ++++++++-------
 .../rooms/users/UnbanRoomUserEvent.java       | 12 +++++-----
 .../RoomModerationScopeContractTest.java      | 24 +++++++++++++++++++
 4 files changed, 55 insertions(+), 17 deletions(-)
 create mode 100644 Emulator/src/test/java/com/eu/habbo/messages/incoming/rooms/users/RoomModerationScopeContractTest.java

diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/rooms/users/RoomUserBanEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/rooms/users/RoomUserBanEvent.java
index d806fd39..df071e0a 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/rooms/users/RoomUserBanEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/rooms/users/RoomUserBanEvent.java
@@ -2,6 +2,7 @@ package com.eu.habbo.messages.incoming.rooms.users;
 
 import com.eu.habbo.Emulator;
 import com.eu.habbo.habbohotel.rooms.RoomManager;
+import com.eu.habbo.habbohotel.rooms.Room;
 import com.eu.habbo.messages.incoming.MessageHandler;
 
 public class RoomUserBanEvent extends MessageHandler {
@@ -11,6 +12,18 @@ public class RoomUserBanEvent extends MessageHandler {
         int roomId = this.packet.readInt();
         String banName = this.packet.readString();
 
-        Emulator.getGameEnvironment().getRoomManager().banUserFromRoom(this.client.getHabbo(), userId, roomId, RoomManager.RoomBanTypes.valueOf(banName));
+        Room room = this.client.getHabbo().getHabboInfo().getCurrentRoom();
+        if (room == null || room.getId() != roomId) {
+            return;
+        }
+
+        RoomManager.RoomBanTypes banType;
+        try {
+            banType = RoomManager.RoomBanTypes.valueOf(banName);
+        } catch (IllegalArgumentException e) {
+            return;
+        }
+
+        Emulator.getGameEnvironment().getRoomManager().banUserFromRoom(this.client.getHabbo(), userId, roomId, banType);
     }
-}
\ No newline at end of file
+}
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/rooms/users/RoomUserMuteEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/rooms/users/RoomUserMuteEvent.java
index 8acca3b2..1e91d572 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/rooms/users/RoomUserMuteEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/rooms/users/RoomUserMuteEvent.java
@@ -15,17 +15,18 @@ public class RoomUserMuteEvent extends MessageHandler {
         int roomId = this.packet.readInt();
         int minutes = this.packet.readInt();
 
-        Room room = Emulator.getGameEnvironment().getRoomManager().getRoom(roomId);
+        Room room = this.client.getHabbo().getHabboInfo().getCurrentRoom();
+        if (room == null || room.getId() != roomId) {
+            return;
+        }
 
-        if (room != null) {
-            if (room.hasRights(this.client.getHabbo()) || this.client.getHabbo().hasPermission("cmd_mute") || this.client.getHabbo().hasPermission(Permission.ACC_AMBASSADOR)) {
-                Habbo habbo = room.getHabbo(userId);
+        if (room.hasRights(this.client.getHabbo()) || this.client.getHabbo().hasPermission("cmd_mute") || this.client.getHabbo().hasPermission(Permission.ACC_AMBASSADOR)) {
+            Habbo habbo = room.getHabbo(userId);
 
-                if (habbo != null) {
-                    room.muteHabbo(habbo, minutes);
-                    habbo.getClient().sendResponse(new MutedWhisperComposer(minutes * 60));
-                    AchievementManager.progressAchievement(this.client.getHabbo(), Emulator.getGameEnvironment().getAchievementManager().getAchievement("SelfModMuteSeen"));
-                }
+            if (habbo != null) {
+                room.muteHabbo(habbo, minutes);
+                habbo.getClient().sendResponse(new MutedWhisperComposer(minutes * 60));
+                AchievementManager.progressAchievement(this.client.getHabbo(), Emulator.getGameEnvironment().getAchievementManager().getAchievement("SelfModMuteSeen"));
             }
         }
     }
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/rooms/users/UnbanRoomUserEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/rooms/users/UnbanRoomUserEvent.java
index a0eebffb..662d8d30 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/rooms/users/UnbanRoomUserEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/rooms/users/UnbanRoomUserEvent.java
@@ -10,13 +10,13 @@ public class UnbanRoomUserEvent extends MessageHandler {
         int userId = this.packet.readInt();
         int roomId = this.packet.readInt();
 
-        Room room = Emulator.getGameEnvironment().getRoomManager().getRoom(roomId);
-
-        if (room != null) {
-            if (room.isOwner(this.client.getHabbo())) {
-                room.unbanHabbo(userId);
-            }
+        Room room = this.client.getHabbo().getHabboInfo().getCurrentRoom();
+        if (room == null || room.getId() != roomId) {
+            return;
         }
 
+        if (room.isOwner(this.client.getHabbo())) {
+            room.unbanHabbo(userId);
+        }
     }
 }
diff --git a/Emulator/src/test/java/com/eu/habbo/messages/incoming/rooms/users/RoomModerationScopeContractTest.java b/Emulator/src/test/java/com/eu/habbo/messages/incoming/rooms/users/RoomModerationScopeContractTest.java
new file mode 100644
index 00000000..dd7677a6
--- /dev/null
+++ b/Emulator/src/test/java/com/eu/habbo/messages/incoming/rooms/users/RoomModerationScopeContractTest.java
@@ -0,0 +1,24 @@
+package com.eu.habbo.messages.incoming.rooms.users;
+
+import org.junit.jupiter.api.Test;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class RoomModerationScopeContractTest {
+    @Test
+    void roomUserBanAndMuteAreScopedToCurrentRoom() throws Exception {
+        Path base = Path.of("src/main/java/com/eu/habbo/messages/incoming/rooms/users");
+
+        for (String handler : new String[]{"RoomUserBanEvent.java", "RoomUserMuteEvent.java", "UnbanRoomUserEvent.java"}) {
+            String source = Files.readString(base.resolve(handler));
+
+            assertTrue(source.contains("getCurrentRoom()"),
+                    handler + " must authorize room moderation against the user's current room");
+            assertTrue(source.contains("room.getId() != roomId"),
+                    handler + " must reject client-supplied room ids that do not match the current room");
+        }
+    }
+}