[Crash] Unchecked userData.ownedItemIds.includes in doesPlayerOwnItem helper

## Summary
Services server crashes when `userData.ownedItemIds` is undefined in item ownership check.

## Affected Code
`server-services/src/data_management/accountManagement.js:144, 176`

```javascript
if (userData.ownedItemIds.includes(item_id)) return "ALREADY_OWNED";
// CRASH if userData.ownedItemIds is undefined

if (userData.ownedItemIds.includes(item_id) && item.item_class == item_class) return true;
// CRASH if userData.ownedItemIds is undefined
```

## Vulnerability
If database returns corrupted user data without `ownedItemIds`.

## Impact
- Services server crash on buy/saveEquip
- Denial of service

## Recommended Fix
```javascript
if (userData.ownedItemIds?.includes(item_id)) return "ALREADY_OWNED";

if (userData.ownedItemIds?.includes(item_id) && item?.item_class == item_class) return true;
```

## References
- PR: https://github.com/onlypuppy7/LegacyShell/pull/43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Crash] Unchecked userData.ownedItemIds.includes in doesPlayerOwnItem helper #73

Summary

Affected Code

Vulnerability

Impact

Recommended Fix

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[Crash] Unchecked userData.ownedItemIds.includes in doesPlayerOwnItem helper #73

Description

Summary

Affected Code

Vulnerability

Impact

Recommended Fix

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions