Author Topic: Output Event-Server Command (Read 3675 times)

TB2 · January 19, 2014, 02:27:38 PM

Is there anyway to do this?

Example:

OnMinigameReset->Self->IssueServerCmd->/clearcorpses

Ad Bot · Advertisement

Zeblote · January 19, 2014, 02:29:16 PM

-wrong-

Subpixel · January 19, 2014, 02:30:13 PM

I'll make it.

Zeblote · January 19, 2014, 02:32:43 PM

Quote from: Subpixel on January 19, 2014, 02:30:13 PM

I'll make it.

Why are you working on it when I have already made this? :c

Headcrab Zombie · January 19, 2014, 02:33:05 PM

I made this like three years ago

http://forum.blockland.us/index.php?topic=146132.0

It's not done that great though, and it's vulnerable to injection since it uses eval. Not going to put effort into fixing that since ^ probably made it better.
Assuming he's going to eventually edit/add a link to it

Zeblote · January 19, 2014, 03:27:15 PM

http://forum.blockland.us/index.php?topic=250081.0

Badspot · January 19, 2014, 06:02:18 PM

The way to do this is to implement a clearcorpses event, not open a massive security hole by allowing any event to call any command.

LagoomSack · January 19, 2014, 06:07:41 PM

Quote from: Badspot on January 19, 2014, 06:02:18 PM

The way to do this is to implement a clearcorpses event, not open a massive security hole by allowing any event to call any command.

knowlege had rain down upon us

Zeblote · January 19, 2014, 06:10:17 PM

Quote from: Badspot on January 19, 2014, 06:02:18 PM

The way to do this is to implement a clearcorpses event, not open a massive security hole by allowing any event to call any command.

But that's not what he wants - it's only an example.

Badspot · January 19, 2014, 06:25:47 PM

Quote from: Zeblote on January 19, 2014, 06:10:17 PM

But that's not what he wants - it's only an example.

Ok then,

The way to do this is to implement a <whatever you actually want> event, not open a massive security hole by allowing any event to call any command.

TristanLuigi · January 19, 2014, 06:41:41 PM

Quote from: Badspot on January 19, 2014, 06:25:47 PM

Ok then,

The way to do this is to implement a <whatever you actually want> event, not open a massive security hole by allowing any event to call any command.

While I agree that it's a security issue and is abusable, it's really up to the server owner, and this is likely only going to be used in mini games or with events set to admin only.

otto-san · January 19, 2014, 06:46:18 PM

Quote from: TristanLuigi on January 19, 2014, 06:41:41 PM

While I agree that it's a security issue and is abusable, it's really up to the server owner, and this is likely only going to be used in mini games or with events set to admin only.

it's hard to trust players to handle their server's 'secureness'

TristanLuigi · January 19, 2014, 06:47:12 PM

Quote from: otto-san on January 19, 2014, 06:46:18 PM

it's hard to trust players to handle their server's 'secureness'

If their server gets screwed up, it's their fault.

SWAT One · January 19, 2014, 06:50:41 PM

What if there were a way to detect the user that made it so that players who used it would actually have permission to the command. If a user made a button to clear all their bricks, by clicking it then why not?

Starzy · January 19, 2014, 10:01:36 PM

Quote from: TristanLuigi on January 19, 2014, 06:47:12 PM

If their server gets screwed up, it's their fault.

No it's not, it's the mods vulnerability's that caused his server to be forgeted up.