CastiaL Posted July 11 Share Posted July 11 Players troll other players by running server-side events, how can I prevent this? For example, they can animate all players using the freeroam script. Link to comment
Moderators IIYAMA Posted July 11 Moderators Share Posted July 11 21 hours ago, CastiaL said: how can I prevent this? I quickly looked at the code and there seems to be a vulnerability here: fr_server.lua addEvent('onServerCall', true) addEventHandler('onServerCall', resourceRoot, function(fnName, ...) source = client -- Some called functions require 'source' to be set to the triggering client local fnInfo = g_RPCFunctions[fnName] -- Custom check made to intercept the jetpack on custom gravity if fnInfo and type(fnInfo) ~= "boolean" and tostring(fnInfo.option) == "jetpack" then if tonumber(("%.3f"):format(getPedGravity(source))) ~= 0.008 then errMsg("* You may use jetpack only if the gravity is set to 0.008", source) return end end if fnInfo and ((type(fnInfo) == 'boolean' and fnInfo) or (type(fnInfo) == 'table' and getOption(fnInfo.option))) then local fn = _G for i,pathpart in ipairs(fnName:split('.')) do fn = fn[pathpart] end ---------------------------- fn(...) -- LOCATED HERE ---------------------------- elseif type(fnInfo) == 'table' then errMsg(fnInfo.descr .. ' is not allowed', source) end end ) The given arguments for any of the functions below are not validated. Spoiler g_RPCFunctions = { addPedClothes = { option = 'clothes', descr = 'Modifying clothes' }, addVehicleUpgrade = { option = 'upgrades', descr = 'Adding/removing upgrades' }, fadeVehiclePassengersCamera = true, fixVehicle = { option = 'repair', descr = 'Repairing vehicles' }, giveMeVehicles = { option = 'createvehicle', descr = 'Creating vehicles' }, giveMeWeapon = { option = 'weapons.enabled', descr = 'Getting weapons' }, removePedClothes = { option = 'clothes', descr = 'Modifying clothes' }, removePedFromVehicle = true, removeVehicleUpgrade = { option = 'upgrades', descr = 'Adding/removing upgrades' }, setElementAlpha = { option = 'alpha', descr = 'Changing your alpha' }, setElementInterior = true, setMySkin = { option = 'setskin', descr = 'Setting skin' }, setPedAnimation = { option = 'anim', descr = 'Setting an animation' }, setPedFightingStyle = { option = 'setstyle', descr = 'Setting fighting style' }, setPedGravity = { option = 'gravity.enabled', descr = 'Setting gravity' }, setPedStat = { option = 'stats', descr = 'Changing stats' }, setPedWearingJetpack = { option = 'jetpack', descr = 'Adding/removing a jetpack' }, setVehicleColor = true, setVehicleHeadLightColor = true, setVehicleOverrideLights = { option = 'lights', descr = 'Forcing lights' }, setVehiclePaintjob = { option = 'paintjob', descr = 'Applying paintjobs' }, warpMeIntoVehicle = true, } Link to comment
Moderators IIYAMA Posted July 14 Moderators Share Posted July 14 @CastiaL For freeroam resource patch see: https://github.com/multitheftauto/mtasa-resources/pull/516 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now