#45938: City-buy allows buying off all shields of an unavailable production target

  Open Date: 2022-10-21 03:17
Last Update: 2022-10-22 15:24

URL for this Ticket:
    https://osdn.net//projects/freeciv/ticket/45938
RSS feed for this Ticket:
    https://osdn.net/ticket/ticket_rss.php?group_id=12505&tid=45938

---------------------------------------------------------------------

Last Changes/Comment on this Ticket:
2022-10-22 15:24 Updated by: lexxie9952

Comment:

While I'm at it, it might be better to leave nothing unsaid and give full disclosure.

There is a player named Dr.Z who seems to have a Ph.D. in Exploitology. No matter how many times I patch it trying to be liberal for real situations to allow nice convenience for players, he ALWAYS finds a way to exploit it into an unfair advantage neither of us could think of, then wants to brag about it and tell others, not knowing it causes loss of morale in the player community. You can look****@fcw***** commits in the last week or so of this post, and every single conceivable way you could have illegal targets or do buys on illegal targets or do tricks to change things from legal to illegal targets or use build slots or anything else, he found a way to exploit it.

Bottom line is, neither client nor server should think it's being nice or convenient or liberal to allow "harmless conveniences" or postponements or warnings around illegal targets and worklists. It has to be fully black/white yes/no 0/100 authoritarian "ORDNUNG und NO EXCEPTIONS!!" logic on outlawing everything, and be aware that it's not just in the packet handling phase in mid-turn user interactions, but many exploits also count on vulnerabilities in how TC phases process executions too.

---------------------------------------------------------------------
Ticket Status:

      Reporter: (Anonymous)
         Owner: (None)
          Type: Bugs
        Status: Open
      Priority: 5 - Medium
     MileStone: S3_2 d3f
     Component: General
      Severity: 5 - Medium
    Resolution: None
---------------------------------------------------------------------

Ticket details:

Unavailable production targets DO happen (probably shouldn't), but that's a separate issue.

This bug happens when there is an unavailable target in current city production. It is still possible to buy the target.

This facilitated exploits like (rather) tricky worklist manipulations to arrive at illegal targets so that one can buy them at lower shield-gold cost, then switch the target on the next turn from some unit costing 10 or 20 to one costing 30 or 40.

Adding a check for unavailability in really_handle_city_buy() fixed it for us at FCW:

    /* City with an illegal target! Don't allow illegal-buy exploits: */
    if (!can_city_build_direct(pcity, &pcity->production)) {
      char prod[256];

      universal_name_translation(&pcity->production, prod, sizeof(prod));
      notify_player(pplayer, pcity->tile, E_BAD_COMMAND, ftc_server,
                    _("[`no`] %s lacks requirements to buy or build %s."),
                    city_link(pcity), prod);
      return;
    }

--
Ticket information of Freeciv project
Freeciv Project is hosted on OSDN

Project URL: https://osdn.net/projects/freeciv/
OSDN: https://osdn.net
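
The ticket's point, that an illegal target must be refused both when the buy request is handled and again at turn change, shown as an added example that is not part of the ticket and is not Freeciv or FCW code. Every type, function name, the tech bitmask and the price rule below are hypothetical, constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical minimal model; these names are not Freeciv's. */
struct target { const char *name; int cost; int required_tech; };
struct player { int gold; unsigned known_techs; /* bitmask of tech ids */ };
struct city { struct player *owner; const struct target *production;
              int shield_stock; bool did_buy; };
enum buy_result { BUY_OK, BUY_ILLEGAL_TARGET, BUY_ALREADY, BUY_NO_GOLD };

/* One authoritative legality predicate shared by every code path. */
static bool can_build_now(const struct city *c, const struct target *t)
{
  return t != NULL && (c->owner->known_techs & (1u << t->required_tech)) != 0;
}

/* Packet-handling path: reject before gold or shields are touched. */
enum buy_result handle_city_buy(struct city *c)
{
  if (!can_build_now(c, c->production)) return BUY_ILLEGAL_TARGET;
  if (c->did_buy) return BUY_ALREADY;
  int missing = c->production->cost - c->shield_stock;
  int price = missing > 0 ? 2 * missing : 0;  /* constructed price rule */
  if (price > c->owner->gold) return BUY_NO_GOLD;
  c->owner->gold -= price;
  if (missing > 0) c->shield_stock = c->production->cost;
  c->did_buy = true;
  return BUY_OK;
}

/* Turn-change path: re-check, since legality can change after the request.
 * Returns true only when the item is actually completed. */
bool turn_change_build(struct city *c)
{
  c->did_buy = false;
  if (!can_build_now(c, c->production)) return false;  /* nothing is built */
  if (c->shield_stock < c->production->cost) return false;
  c->shield_stock -= c->production->cost;
  return true;
}

int main(void)
{
  struct player p = { 50, 1u << 0 };                /* constructed sample data */
  struct target locked = { "locked_unit", 10, 3 };  /* needs tech 3, not known */
  struct city c = { &p, &locked, 0, false };
  return handle_city_buy(&c) == BUY_ILLEGAL_TARGET ? 0 : 1;
}
```
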