From 6328ffd71fb924ca9f759bebfdd96d9d69a3fe17 Mon Sep 17 00:00:00 2001
From: MrSol0 <35892335+MrSol0@users.noreply.github.com>
Date: Mon, 28 Aug 2023 11:07:48 +0100
Subject: [PATCH] Major Vulnerability Fix This vulnerability has existed since OWL 1.0, which enables an attacker to still use cash when changing characters which i discovered after testing my own server and was able to still buy things without money being deducted from my character which potentially could double my money.
---
 mods/deathmatch/resources/account/s_characters.lua | 1 +
 1 file changed, 1 insertion(+)
diff --git a/mods/deathmatch/resources/account/s_characters.lua b/mods/deathmatch/resources/account/s_characters.lua
index 4ef42545..761e1149 100644
--- a/mods/deathmatch/resources/account/s_characters.lua
+++ b/mods/deathmatch/resources/account/s_characters.lua
@@ -533,6 +533,7 @@ function Characters_onCharacterChange()
 setElementDataEx(client, "loggedin", 0, true)
 setElementDataEx(client, "dbid", 0, true)
+ setElementDataEx(client, "money", 0)
 setElementDataEx(client, "bankmoney", 0)
 setElementDataEx(client, "account:character:id", false)
 setElementAlpha(client, 0)
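Review bot: Zeroing the cached `money` value with `setElementDataEx(client, "money", 0)` closes only this one path, so any server-side handler that spends money should also refuse to act while `loggedin` is 0 rather than rely on the balance having been cleared; the description suggests purchases were accepted in that state. It is also worth confirming that the character's balance is persisted before this line runs, because a save that reads the `money` element data afterwards would store 0; no save call is visible in the hunk, and the body of Characters_onCharacterChange starts and ends outside it. I would add a comment above the new line such as `-- clear cached cash so it cannot be spent between characters; the balance must already be saved`. The call also omits the fourth argument that the `loggedin` and `dbid` lines pass as `true`, matching `bankmoney`; if that flag controls syncing to the client, check that leaving it out is intended.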