diff --git a/CHANGELOG.md b/CHANGELOG.md
index 58a50a10..a3ce8308 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,7 +9,7 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin
* Adding EmojiHandler to handle an exploit. Adding `tshock.sendemoji` permission and checks. Added this permission to guest group by default.
* Handling SyncCavernMonsterType packet to prevent an exploit where players could modify the server's cavern monster types and make the server spawn any NPCs - including bosses - onto other players.
* Added LandGolfBallInCup event which is accessible for developers to work with, as well as LandGolfBallInCup handler to handle exploits where players could send direct packets to trigger and imitate golf ball cup landing anywhere in the game world. Added two public lists in Handlers.LandGolfBallInCupHandler: GolfBallProjectileIDs and GolfClubItemIDs. (@Patrikkk)
-* Add SyncTilePicking event. This is called when a player damages a tile.
+* Add SyncTilePicking event. This is called when a player damages a tile. Implementing SyncTilePickingHandler and patching tile damaging related exploits. (Prevent player sending invalid world position data to kick players. Prevent player ID spoofing)
## TShock 4.4.0 (Pre-release 10)
* Fix all rope coils. (@Olink)
diff --git a/TShockAPI/Bouncer.cs b/TShockAPI/Bouncer.cs
index 8029031b..6f2a2ae4 100644
--- a/TShockAPI/Bouncer.cs
+++ b/TShockAPI/Bouncer.cs
@@ -40,6 +40,7 @@ namespace TShockAPI
internal Handlers.NetModules.NetModulePacketHandler NetModuleHandler { get; set; }
internal Handlers.EmojiHandler EmojiHandler { get; set; }
internal Handlers.LandGolfBallInCupHandler LandGolfBallInCupHandler { get; set; }
+ internal Handlers.SyncTilePickingHandler SyncTilePickingHandler { get; set; }
/// Constructor call initializes Bouncer and related functionality.
/// A new Bouncer.
@@ -57,6 +58,9 @@ namespace TShockAPI
LandGolfBallInCupHandler = new Handlers.LandGolfBallInCupHandler();
GetDataHandlers.LandGolfBallInCup += LandGolfBallInCupHandler.OnReceive;
+ SyncTilePickingHandler = new Handlers.SyncTilePickingHandler();
+ GetDataHandlers.SyncTilePicking += SyncTilePickingHandler.OnReceive;
+
// Setup hooks
GetDataHandlers.GetSection += OnGetSection;
GetDataHandlers.PlayerUpdate += OnPlayerUpdate;
diff --git a/TShockAPI/Handlers/SyncTilePickingHandler.cs b/TShockAPI/Handlers/SyncTilePickingHandler.cs
new file mode 100644
index 00000000..a03bec66
--- /dev/null
+++ b/TShockAPI/Handlers/SyncTilePickingHandler.cs
@@ -0,0 +1,36 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using Terraria;
+using static TShockAPI.GetDataHandlers;
+
+namespace TShockAPI.Handlers
+{
+ class SyncTilePickingHandler : IPacketHandler
+ {
+ ///
+ /// Invoked when player damages a tile.
+ ///
+ ///
+ ///
+ public void OnReceive(object sender, SyncTilePickingEventArgs args)
+ {
+ if (args.PlayerIndex != args.Player.Index)
+ {
+ TShock.Log.ConsoleDebug($"SyncTilePickingHandler: SyncTilePicking packet rejected for ID spoofing. Expected {args.Player.Index}, received {args.PlayerIndex} from {args.Player.Name}.");
+ args.Handled = true;
+ return;
+ }
+
+ if (args.TileX > Main.maxTilesX || args.TileX < 0
+ || args.TileY > Main.maxTilesY || args.TileY < 0)
+ {
+ TShock.Log.ConsoleDebug($"SyncTilePickingHandler: X and Y position is out of world bounds! - From {args.Player.Name}");
+ args.Handled = true;
+ return;
+ }
+ }
+ }
+}
diff --git a/TShockAPI/TShockAPI.csproj b/TShockAPI/TShockAPI.csproj
index 495127c8..f9885393 100644
--- a/TShockAPI/TShockAPI.csproj
+++ b/TShockAPI/TShockAPI.csproj
@@ -100,6 +100,7 @@
+