Core/Chat: Fix lower security check for GM commands.

r4d1sh · Feb 14, 2025 · 3b0c71c · 3b0c71c
1 parent 4bec944
commit 3b0c71c
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 4 deletions.
diff --git a/sql/updates/auth/3.3.5/2025_02_14_00_auth.sql b/sql/updates/auth/3.3.5/2025_02_14_00_auth.sql
@@ -0,0 +1,2 @@
+--
+UPDATE `name` = 'Can ignore lower security than target check if it\'s disabled in config' WHERE `id` = 47;
diff --git a/src/server/game/Accounts/RBAC.h b/src/server/game/Accounts/RBAC.h
@@ -97,7 +97,7 @@ enum RBACPermissions
     RBAC_PERM_RECEIVE_GLOBAL_GM_TEXTMESSAGE                  = 44,
     RBAC_PERM_SILENTLY_JOIN_CHANNEL                          = 45,
     RBAC_PERM_CHANGE_CHANNEL_NOT_MODERATOR                   = 46,
-    RBAC_PERM_CHECK_FOR_LOWER_SECURITY                       = 47,
+    RBAC_PERM_CAN_IGNORE_LOWER_SECURITY_CHECK                = 47,
     RBAC_PERM_COMMANDS_PINFO_CHECK_PERSONAL_DATA             = 48,
     RBAC_PERM_EMAIL_CONFIRM_FOR_PASS_CHANGE                  = 49,
     RBAC_PERM_MAY_CHECK_OWN_EMAIL                            = 50,

diff --git a/src/server/game/Chat/Chat.cpp b/src/server/game/Chat/Chat.cpp
@@ -77,7 +77,7 @@ bool ChatHandler::HasLowerSecurityAccount(WorldSession* target, uint32 target_ac
         return false;
 
     // ignore only for non-players for non strong checks (when allow apply command at least to same sec level)
-    if (m_session->HasPermission(rbac::RBAC_PERM_CHECK_FOR_LOWER_SECURITY) && !strong && !sWorld->getBoolConfig(CONFIG_GM_LOWER_SECURITY))
+    if (m_session->HasPermission(rbac::RBAC_PERM_CAN_IGNORE_LOWER_SECURITY_CHECK) && !strong && !sWorld->getBoolConfig(CONFIG_GM_LOWER_SECURITY))
         return false;
 
     if (target)

diff --git a/src/server/worldserver/worldserver.conf.dist b/src/server/worldserver/worldserver.conf.dist
@@ -2178,8 +2178,12 @@ GM.AllowInvite = 0
 
 #
 #    GM.LowerSecurity
-#        Description: Allow lower security levels to use commands on higher security level
-#                     characters.
+#        Description: Disallow lower security levels to use commands on higher security level
+#                     characters. Regardless of this value, lower security check is always
+#                     enabled for accounts without RBAC_PERM_CAN_IGNORE_LOWER_SECURITY_CHECK.
+#                     This option also does not affect "strong" checks, such as in
+#                     certain .account and .rbac commands, which are always enabled.
+#
 #        Default:     0 - (Disabled)
 #                     1 - (Enabled)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		--
		UPDATE `name` = 'Can ignore lower security than target check if it\'s disabled in config' WHERE `id` = 47;