Bug: Empower command does not validate the user's bestowments first
Danger: Medium - Game exploit. Target can grant the user any ability once they are empowered.
Found by: Banner
Fixed by: Banner
---
clans.c, do_empower
Locate:
if( arg2[0] == '\0' || !str_cmp( arg2, "list" ) )
{
ch_printf( ch, "Current bestowed commands on %s: %s.\r\n", victim->name, victim->pcdata->bestowments );
return;
}
Below that, add:
if( str_cmp( ch->name, clan->leader ) && !str_cmp( ch->name, clan->number1 ) )
{
if( !is_name( arg2, ch->pcdata->bestowments ) )
{
send_to_char( "&RI don't think you're even allowed to do that.&W\r\n", ch );
return;
}
}
Anyone with the empower ability in a clan has the ability to empower others, even if they themselves do not possess the abilities. Once this is done, the person who was just empowered can turn around and do the same for the first person.