CastiaL Posted July 11, 2024 Posted July 11, 2024 Players troll other players by running server-side events, how can I prevent this? For example, they can animate all players using the freeroam script. I would be very happy if you send a like to support me
Moderators IIYAMA Posted July 11, 2024 Moderators Posted July 11, 2024 21 hours ago, CastiaL said: how can I prevent this? I quickly looked at the code and there seems to be a vulnerability here: fr_server.lua addEvent('onServerCall', true) addEventHandler('onServerCall', resourceRoot, function(fnName, ...) source = client -- Some called functions require 'source' to be set to the triggering client local fnInfo = g_RPCFunctions[fnName] -- Custom check made to intercept the jetpack on custom gravity if fnInfo and type(fnInfo) ~= "boolean" and tostring(fnInfo.option) == "jetpack" then if tonumber(("%.3f"):format(getPedGravity(source))) ~= 0.008 then errMsg("* You may use jetpack only if the gravity is set to 0.008", source) return end end if fnInfo and ((type(fnInfo) == 'boolean' and fnInfo) or (type(fnInfo) == 'table' and getOption(fnInfo.option))) then local fn = _G for i,pathpart in ipairs(fnName:split('.')) do fn = fn[pathpart] end ---------------------------- fn(...) -- LOCATED HERE ---------------------------- elseif type(fnInfo) == 'table' then errMsg(fnInfo.descr .. ' is not allowed', source) end end ) The given arguments for any of the functions below are not validated. Spoiler g_RPCFunctions = { addPedClothes = { option = 'clothes', descr = 'Modifying clothes' }, addVehicleUpgrade = { option = 'upgrades', descr = 'Adding/removing upgrades' }, fadeVehiclePassengersCamera = true, fixVehicle = { option = 'repair', descr = 'Repairing vehicles' }, giveMeVehicles = { option = 'createvehicle', descr = 'Creating vehicles' }, giveMeWeapon = { option = 'weapons.enabled', descr = 'Getting weapons' }, removePedClothes = { option = 'clothes', descr = 'Modifying clothes' }, removePedFromVehicle = true, removeVehicleUpgrade = { option = 'upgrades', descr = 'Adding/removing upgrades' }, setElementAlpha = { option = 'alpha', descr = 'Changing your alpha' }, setElementInterior = true, setMySkin = { option = 'setskin', descr = 'Setting skin' }, setPedAnimation = { option = 'anim', descr = 'Setting an animation' }, setPedFightingStyle = { option = 'setstyle', descr = 'Setting fighting style' }, setPedGravity = { option = 'gravity.enabled', descr = 'Setting gravity' }, setPedStat = { option = 'stats', descr = 'Changing stats' }, setPedWearingJetpack = { option = 'jetpack', descr = 'Adding/removing a jetpack' }, setVehicleColor = true, setVehicleHeadLightColor = true, setVehicleOverrideLights = { option = 'lights', descr = 'Forcing lights' }, setVehiclePaintjob = { option = 'paintjob', descr = 'Applying paintjobs' }, warpMeIntoVehicle = true, } Do you want to improve your Lua programming skills and make less mistakes? Start with Lua Language Server! Useful functions 3x Spoiler checkPassiveTimer getScreenStartPositionFromBox getPedGender Tutorials 4x Spoiler Scaling DX Events Attach an addEventHandler on a group of elements Debugging
Moderators IIYAMA Posted July 14, 2024 Moderators Posted July 14, 2024 @CastiaL For freeroam resource patch see: https://github.com/multitheftauto/mtasa-resources/pull/516 Do you want to improve your Lua programming skills and make less mistakes? Start with Lua Language Server! Useful functions 3x Spoiler checkPassiveTimer getScreenStartPositionFromBox getPedGender Tutorials 4x Spoiler Scaling DX Events Attach an addEventHandler on a group of elements Debugging
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now