strontkever
commented
12 years ago confirmed, i took citizens off now, im sick of buggy plugins (too bad cuase its a cool one)
Open Farwaykorse opened 12 years ago
strontkever
commented
12 years ago confirmed, i took citizens off now, im sick of buggy plugins (too bad cuase its a cool one)
bloodriot
commented
12 years ago Confirmed in commit 5b4e6aef9f
Submitting a pull request for the fix.
Concerns
The npc money give:take commands. Npc-type: Basic / All
Both the give and the take commands accept negative values. This way the checks for the amount of cash in both the npc and the player-accounts is circumvented.
This can be abused to pull (virtually) unlimited money out of npc's. Potentially destroying the economy on the server.
Confirmed on
Craftbukkit: 1.0.1-R1 Citizens 1.1.3 iConomy 6 bPermissions: v2.1.4b
Possible fix
Send all money amounts through: Math.abs()
For server-admins
If you allow your players to create and/or own npc's. Remove the permission: