Author Topic: Make it impossible to manipulate an eval command?  (Read 2702 times)

What would that do?

EDIT: I'm trying to create the ScriptObject now but I can't find a way to do it through code on %brick..

%so = new ScriptObject("Salvage_" @ %client.bl_id : %brick); returns a syntax error.

You can't use string concatenation for creating objects. However, the client's BL_ID is guaranteed to be a number and not contained "s, so you can just use...

Code: [Select]
%oldName = %brick.getName();
%brick.setName("BrickToClone");
%so = eval("return new ScriptObject(Salvage_" @ %client.bl_id @ " : BrickToClone);");
%brick.setName(%oldName);

Purpose of using eval in that code? seems like it'd work just the same without.

"You can't use string concatenation for creating objects."

You can't use string concatenation for creating objects. However, the client's BL_ID is guaranteed to be a number and not contained "s, so you can just use...

Code: [Select]
%oldName = %brick.getName();
%brick.setName("BrickToClone");
%so = eval("return new ScriptObject(Salvage_" @ %client.bl_id @ " : BrickToClone);");
%brick.setName(%oldName);

Don't use eval for that...

Code: [Select]
%oldName = %brick.getName();
%brick.setName("BrickToClone");

new ScriptObject(tempBrickName : BrickToClone);

%brick.setName(%oldName);
tempBrickName.setName("new name" SPC $blah);

This isn't related to the eval command, but if you're creating a new salvage mod as your object names imply and want to reference my old one I've uploaded it here. I'd see that script being useful if you find an exploit and are curious how I fixed it (there were a lot), but otherwise try to refrain from using my old methods since some are kinda inefficient and your script probably works just as well if not better.

This isn't related to the eval command, but if you're creating a new salvage mod as your object names imply and want to reference my old one I've uploaded it here. I'd see that script being useful if you find an exploit and are curious how I fixed it (there were a lot), but otherwise try to refrain from using my old methods since some are kinda inefficient and your script probably works just as well if not better.
I've actually been basing this off of your salvage mod, had the add-on for a long time and hosted quite a few games with it.


eval(%so @ "." @ %Tag @ %Inv @ "=%Val;");

:)

eval(%so @ "." @ %Tag @ %Inv @ "=%Val;");

:)

Holy stuff..

Thank you.
« Last Edit: November 18, 2013, 05:24:09 AM by Conservative »

eval(%so @ "." @ %Tag @ %Inv @ "=%Val;");

:)
this is still vulnerable though, right? the tag and inv variables can be exploited? not val, and not so, as those are both made by the script

this is still vulnerable though, right? the tag and inv variables can be exploited? not val, and not so, as those are both made by the script
Can you think of any way a player has access to creating a custom named variable on a brick?, inv is the player's currInv value.

Can you think of any way a player has access to creating a custom named variable on a brick?, inv is the player's currInv value.

Events

Events
But those will be brick.inputEvent[num] and similar
There's no way to modify the variable name, only the value