From 2459aa540151e752dbf676b6e466f0b1c45a10e8 Mon Sep 17 00:00:00 2001
From: scatterflower <marisa@scatterflower.online>
Date: Sun, 10 Jul 2022 10:25:19 -0500
Subject: [PATCH 1/3] Don't allow exploit to change background

---
 core/src/packet/packet_ms.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core/src/packet/packet_ms.cpp b/core/src/packet/packet_ms.cpp
index dbdbda2..f174226 100644
--- a/core/src/packet/packet_ms.cpp
+++ b/core/src/packet/packet_ms.cpp
@@ -159,6 +159,7 @@ AOPacket *PacketMS::validateIcPacket(AOClient &client) const
     l_args.append(l_incoming_args[5].toString());
     if (client.m_pos != l_incoming_args[5].toString()) {
         client.m_pos = l_incoming_args[5].toString();
+        client.m_pos.replace("../", "");
         client.updateEvidenceList(client.getServer()->getAreaById(client.m_current_area));
     }
 

From 6063c9b443093f69b66719b0b934245e1b345c17 Mon Sep 17 00:00:00 2001
From: Salanto <62221668+Salanto@users.noreply.github.com>
Date: Sat, 23 Jul 2022 13:45:20 +0200
Subject: [PATCH 2/3] Comitting my own suggestion

---
 core/src/packet/packet_ms.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/packet/packet_ms.cpp b/core/src/packet/packet_ms.cpp
index f174226..61f9814 100644
--- a/core/src/packet/packet_ms.cpp
+++ b/core/src/packet/packet_ms.cpp
@@ -159,7 +159,7 @@ AOPacket *PacketMS::validateIcPacket(AOClient &client) const
     l_args.append(l_incoming_args[5].toString());
     if (client.m_pos != l_incoming_args[5].toString()) {
         client.m_pos = l_incoming_args[5].toString();
-        client.m_pos.replace("../", "");
+        client.m_pos.replace("../", "").replace("..\\","");
         client.updateEvidenceList(client.getServer()->getAreaById(client.m_current_area));
     }
 

From b59c522c51774ec3ee7c0026fd4ff9c181d54a07 Mon Sep 17 00:00:00 2001
From: Salanto <62221668+Salanto@users.noreply.github.com>
Date: Sat, 20 Aug 2022 15:41:57 +0200
Subject: [PATCH 3/3] Format

---
 core/src/packet/packet_ms.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/packet/packet_ms.cpp b/core/src/packet/packet_ms.cpp
index 61f9814..2026d1c 100644
--- a/core/src/packet/packet_ms.cpp
+++ b/core/src/packet/packet_ms.cpp
@@ -159,7 +159,7 @@ AOPacket *PacketMS::validateIcPacket(AOClient &client) const
     l_args.append(l_incoming_args[5].toString());
     if (client.m_pos != l_incoming_args[5].toString()) {
         client.m_pos = l_incoming_args[5].toString();
-        client.m_pos.replace("../", "").replace("..\\","");
+        client.m_pos.replace("../", "").replace("..\\", "");
         client.updateEvidenceList(client.getServer()->getAreaById(client.m_current_area));
     }