« previous next »
Pages: 1 2 [3]

Author Topic: System add-on I'll release soon. Added toggle walk/run and server keybinds!  (Read 4029 times)

Greek2me

November 08, 2013, 01:00:44 PM
Quote from: Lugnut on October 22, 2013, 12:20:14 PM
i want the add-on to punch holes in it

i don't actually have the time to test functionality, just read code

I want to review the code, too, if that's ok.

Ad Bot

Advertisement

Mr_Doom

November 08, 2013, 03:21:26 PM
Quote from: Greek2me on November 08, 2013, 01:00:44 PM
I want to review the code, too, if that's ok.

Would love to do that myself too

Aide33

November 08, 2013, 04:44:57 PM
Quote from: Mr_Doom on November 08, 2013, 03:21:26 PM
Would love to do that myself too
Code would be nice yeah

DrenDran

November 09, 2013, 10:25:14 AM
Quote from: SgtDaemon on November 08, 2013, 11:37:42 AM
Make features toggleable
Yeah, sure.
Quote from: SgtDaemon on November 08, 2013, 11:37:42 AM
and make event saves deleteable ingame
Already done.
Quote from: SgtDaemon on November 08, 2013, 11:37:42 AM
Also you know when you start the game, the RTB notifications overlap that "next" and "go!" buttons in the start server screen? Can you make a feature that replaces/disables notifications?
I'm not going to mod RTB.
No way Ephi would like that.

Thanks for the bump, by the way.

Quote from: Greek2me on November 08, 2013, 01:00:44 PM
I want to review the code, too, if that's ok.
Quote from: Mr_Doom on November 08, 2013, 03:21:26 PM
Would love to do that myself too
Quote from: Aide33 on November 08, 2013, 04:44:57 PM
Code would be nice yeah
One thing I can tell you all is that it doesn't use eval.
It uses the call function function, which cannot have code injected into it.

Port

November 10, 2013, 03:29:10 AM
Quote from: DrenDran on November 09, 2013, 10:25:14 AM
One thing I can tell you all is that it doesn't use eval.
It uses the call function function, which cannot have code injected into it.

call("eval", "..."); !!1

But anyway, I'd appreciate getting to review it too, not so much just for security holes but also mainly just for optimization and general bloat.

MARBLE MAN

November 10, 2013, 10:02:02 AM
Quote from: Port on November 10, 2013, 03:29:10 AM
call("eval", "..."); !!1

But anyway, I'd appreciate getting to review it too, not so much just for security holes but also mainly just for optimization and general bloat.

Quote from: DrenDran on October 22, 2013, 10:42:50 AM
I noticed that too, let me see if I can fix it real quick.I could add that.Sure. Though if I remember correctly I had it filter out all semicolons, that should render it harmless.
edit: doesn't even use eval anymore:
Code: [Select]
function BLRS_AuthCommand(%sender,%command,%arg1,%arg2,%arg3)
{
if(isFunction("blrscmd" @ %command))
{
call("blrscmd" @ %command,%sender,%arg1,%arg2,%arg3);
}
//old bad way of doing it
//eval("blrscmd" @ %command @ "(" @ %sender @ ",\"" @ %arg1 @ "\",\"" @ %arg2 @ "\",\"" @ %arg3 @ "\");");
}

LagoomSack

November 10, 2013, 10:03:50 AM
i wannda beta test

Zeblote

November 10, 2013, 11:58:20 AM
Why does everyone want to read this add-on's code

Lugnut

November 10, 2013, 03:39:32 PM
Quote from: MARBLE MAN on November 10, 2013, 10:02:02 AM

i think port was sarcastic
Quote from: Zeblote on November 10, 2013, 11:58:20 AM
Why does everyone want to read this add-on's code
i did because it previously had some security flaws allowing brute force and remote authenticated eval injection
Pages: 1 2 [3]
« previous next »