From 5a59c6f262eaaf4fd5da12dbef4f88f89898fe45 Mon Sep 17 00:00:00 2001
From: metalgearsloth <31366439+metalgearsloth@users.noreply.github.com>
Date: Mon, 27 May 2024 18:04:34 +1000
Subject: [PATCH] Add loadout group check (#28311)

Forgot to add it back in one of the rewrites.
---
 Content.Shared/Preferences/Loadouts/RoleLoadout.cs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Content.Shared/Preferences/Loadouts/RoleLoadout.cs b/Content.Shared/Preferences/Loadouts/RoleLoadout.cs
index 40e13f0edf..479974893c 100644
--- a/Content.Shared/Preferences/Loadouts/RoleLoadout.cs
+++ b/Content.Shared/Preferences/Loadouts/RoleLoadout.cs
@@ -78,12 +78,20 @@ public sealed partial class RoleLoadout : IEquatable<RoleLoadout>
             {
                 var loadout = loadouts[i];
 
+                // Old prototype or otherwise invalid.
                 if (!protoManager.TryIndex(loadout.Prototype, out var loadoutProto))
                 {
                     loadouts.RemoveAt(i);
                     continue;
                 }
 
+                // Malicious client maybe, check the group even has it.
+                if (!groupProto.Loadouts.Contains(loadout.Prototype))
+                {
+                    loadouts.RemoveAt(i);
+                    continue;
+                }
+
                 // Validate the loadout can be applied (e.g. points).
                 if (!IsValid(profile, session, loadout.Prototype, collection, out _))
                 {