You've already forked Arcturus-Morningstar-Extended
mirror of
https://github.com/duckietm/Arcturus-Morningstar-Extended.git
synced 2026-06-19 15:06:19 +00:00
simoleo89
da1fd01074
Security - HousekeepingSetUserRankEvent: add rank-ceiling guard (reject granting a rank above the operator's own and modifying a higher-ranked target), mirroring GiveRankCommand — closes a privilege-escalation path. Trade integrity - RoomTrade.clearAccepted now also resets confirmed; a stale confirmed=true let a user strip their side and still complete once the partner re-confirms. Concurrency - RoomCycleManager: iterate the synchronized bot/pet maps under their own monitor (lock order stays one-directional vs addBot/addPet — no deadlock). - RoomSpecialTypes: synchronize nest/petDrink/petFood/petToy/petTree writers on the same monitor their getters already use. - HabboStats: synchronize achievement-progress map accessors. - RebugKickBallAction: drop redundant direct mutation of the shared tile-cache sets (updateTile invalidates them right after) — removes a data race. Robustness - Wired legacy parsers (HabboCount, NotHabboCount, MatchStatePosition, MoveRotateFurni): guard length/format so one malformed row no longer aborts the whole room's wired load. - RoomLayout: fill malformed/short heightmap rows with INVALID tiles instead of leaving nulls, and bounds-check door coordinates. - FurnidataWatcher: defer (instead of drop) a throttled delta so furni-name changes are never lost between broadcasts. - GuildManager.getGuildMembers: fix LIMIT row-count (page size 14, not offset+14) so member pages no longer overlap from page 1 on.