CastiaL Posted July 11, 2024 Posted July 11, 2024 Players troll other players by running server-side events, how can I prevent this? For example, they can animate all players using the freeroam script.
Moderators IIYAMA Posted July 11, 2024 Moderators Posted July 11, 2024 21 hours ago, CastiaL said: how can I prevent this? I quickly looked at the code and there seems to be a vulnerability here: fr_server.lua addEvent('onServerCall', true) addEventHandler('onServerCall', resourceRoot, function(fnName, ...) source = client -- Some called functions require 'source' to be set to the triggering client local fnInfo = g_RPCFunctions[fnName] -- Custom check made to intercept the jetpack on custom gravity if fnInfo and type(fnInfo) ~= "boolean" and tostring(fnInfo.option) == "jetpack" then if tonumber(("%.3f"):format(getPedGravity(source))) ~= 0.008 then errMsg("* You may use jetpack only if the gravity is set to 0.008", source) return end end if fnInfo and ((type(fnInfo) == 'boolean' and fnInfo) or (type(fnInfo) == 'table' and getOption(fnInfo.option))) then local fn = _G for i,pathpart in ipairs(fnName:split('.')) do fn = fn[pathpart] end ---------------------------- fn(...) -- LOCATED HERE ---------------------------- elseif type(fnInfo) == 'table' then errMsg(fnInfo.descr .. ' is not allowed', source) end end ) The given arguments for any of the functions below are not validated. Spoiler g_RPCFunctions = { addPedClothes = { option = 'clothes', descr = 'Modifying clothes' }, addVehicleUpgrade = { option = 'upgrades', descr = 'Adding/removing upgrades' }, fadeVehiclePassengersCamera = true, fixVehicle = { option = 'repair', descr = 'Repairing vehicles' }, giveMeVehicles = { option = 'createvehicle', descr = 'Creating vehicles' }, giveMeWeapon = { option = 'weapons.enabled', descr = 'Getting weapons' }, removePedClothes = { option = 'clothes', descr = 'Modifying clothes' }, removePedFromVehicle = true, removeVehicleUpgrade = { option = 'upgrades', descr = 'Adding/removing upgrades' }, setElementAlpha = { option = 'alpha', descr = 'Changing your alpha' }, setElementInterior = true, setMySkin = { option = 'setskin', descr = 'Setting skin' }, setPedAnimation = { option = 'anim', descr = 'Setting an animation' }, setPedFightingStyle = { option = 'setstyle', descr = 'Setting fighting style' }, setPedGravity = { option = 'gravity.enabled', descr = 'Setting gravity' }, setPedStat = { option = 'stats', descr = 'Changing stats' }, setPedWearingJetpack = { option = 'jetpack', descr = 'Adding/removing a jetpack' }, setVehicleColor = true, setVehicleHeadLightColor = true, setVehicleOverrideLights = { option = 'lights', descr = 'Forcing lights' }, setVehiclePaintjob = { option = 'paintjob', descr = 'Applying paintjobs' }, warpMeIntoVehicle = true, }
Moderators IIYAMA Posted July 14, 2024 Moderators Posted July 14, 2024 @CastiaL For freeroam resource patch see: https://github.com/multitheftauto/mtasa-resources/pull/516
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now