[Exploit] XP & clientside enchanting.

The new inventory handling is a great force of good for the security and integrety of the Minecraft experience. However, with the new serverside inventories in tha last few updates we also got clientside handling of the enchantment table. This poses both a security risk to local & other vanilla severs as players are able with hacked clients or the like to give themselves unlimited xp by the abuse of status packets (Minus xp is permitted) or to get the enchantment they like, because the server is not in control over the enchantments. For partner severs and other third party servers there is no risk, however since they are not in control of the enchantments, they cannot provide enchantments.

The enchantments in the enchantment table should be send by the server. The xp required should also be calculated by the server. This will fix the exploit.

With kind regards,
Kasper