You can HREF HACK the biogenerator

[Cameron653]

Brief description of the issue

You can href hack the biogenerator for monkeys(and other items in a list) and infinite points

What you expected to happen

Not be able to literally hack the biogen from IE

What actually happened

I was able to do so

Steps to reproduce

1. Click a biogenerator with a beaker in it
2. Shift click one of the buttons (like 10 milk)
3. This window will open: https://i.imgur.com/TajQtEO.png
4. Change the cost to -5000000 or whatever the hell you want in the URL.
5. change the item to monkey or whatever you want in the URL. 5.5 Use https://github.com/PolarisSS13/Polaris/blob/8e8b666b46e31a9e4d10fc487f12d70e40ace623/code/game/machinery/biogenerator.dm#L184-L235 as a list of items you can spawn in
6. Refresh page
7. Enjoy your fresh, href hacked items and infinite points https://i.imgur.com/1trzkF6.png (A hacked URL.) https://i.imgur.com/P0zdpBb.png (Ignore the character. Slightly modified codebase. Exploit works on Polaris too.) https://i.imgur.com/qXdGREq.png (Biomass updated.) https://i.imgur.com/j0Nsq2D.png (it can be spammed)

Additional info:

• Server Revision: https://github.com/PolarisSS13/Polaris/commit/01f33216d2473b7b058f9c076bd64c634b51e9d7 (It works on the current github revision.)
• Anything else you may wish to add (Location if it's a mapping issue, etc)

[MarinaGryphon]

We could probably make these "recipes" datums to avoid this? Sure, you could change what you want to make, but then you couldn't change the cost- and I think that's the actual issue here.

[TheFurryFeline]

Or maybe have them require a certain amount of a required material before chucking out the requested item? Yes, majorly late but checking out old issues and saw this.