Author Topic: callservercommand event- except it is for the host only (Read 962 times)

xSetrox · January 22, 2014, 05:39:30 PM

/title
The reason the callservercommand event was failed was because it had no protection and anyone, even non-admins, could use it.
So, can someone make it work for the host only?
Thanks.

Ad Bot · Advertisement

Greek2me · January 22, 2014, 06:54:22 PM

I have something waiting to be approved right now: http://forum.returntoblockland.com/dlm/viewFile.php?id=5384

Once it gets released I can add that to it.

Quote from: RTB Description

Includes these output events:

Server -> loadSaveFile Allows for a save file to be loaded. You can specify the file name and ownership.
Server -> clearAllBricks Clears all bricks in the server. In conjunction with loadSaveFile, this can be used to reset a map.

Server -> echo Prints an echo to the console.
Server -> warn Prints a warning to the console.
Server -> error Prints an error to the console.
Please note: All events are host-only.

Feel free to submit ideas for additional server events!

Who Cares99 · January 23, 2014, 12:15:54 AM

Quote from: Badspot on January 22, 2014, 11:02:31 PM

Even if it was host only it's still a tremendously bad idea because malicious scripts could be embedded in save files.

I don't quite understand how this would be a huge threat with this mod, but it's what badspot said to the exact same suggestion as this.
(The original post didn't say to make it host only but it did in the thread)

Badspot · January 23, 2014, 01:27:43 AM

A white listed series of specifically implemented events (like greek2me's post) is the way to do this.

If you allow complete access to any servercmd, then malicious saves could be created that ban players, change the admin password, restart the server, who knows what. There's also unforeseen interactions with future add-ons that implement new servercmds. Stick to implementing specific events, not exposing script access.

Who Cares99 · January 23, 2014, 09:04:37 PM

Quote from: Badspot on January 23, 2014, 01:27:43 AM

A white listed series of specifically implemented events (like greek2me's post) is the way to do this.

If you allow complete access to any servercmd, then malicious saves could be created that ban players, change the admin password, restart the server, who knows what. There's also unforeseen interactions with future add-ons that implement new servercmds. Stick to implementing specific events, not exposing script access.

That would be cool as long as you don't need to know how to script to add your own commands. It doesn't necessarily need to be an in-game method of doing it but it should be as simple as just typing the command in the right place.

Jakobblockhead · March 20, 2014, 07:20:14 PM

Quote from: Who Cares99 on January 23, 2014, 09:04:37 PM

That would be cool as long as you don't need to know how to script to add your own commands. It doesn't necessarily need to be an in-game method of doing it but it should be as simple as just typing the command in the right place.

Holy hell you are replying this to the person who made Blockland. Even Greek replied to this thread! Do you think that they do not know how to script?! Ever heard of eval? Or MSP? Or the thousands of scripts that have come out? Good god. An even is in-game, what are you talking about not necessarily being an in-game method?

Blake1 · March 20, 2014, 07:42:09 PM

Quote from: Jakobblockhead on March 20, 2014, 07:20:14 PM

Holy hell you are replying this to the person who made Blockland. Even Greek replied to this thread! Do you think that they do not know how to script?! Ever heard of eval? Or MSP? Or the thousands of scripts that have come out? Good god. An even is in-game, what are you talking about not necessarily being an in-game method?

nice bump

SWAT One · March 20, 2014, 07:53:14 PM

Quote from: Jakobblockhead on March 20, 2014, 07:20:14 PM

Holy hell you are replying this to the person who made Blockland. Even Greek replied to this thread! Do you think that they do not know how to script?! Ever heard of eval? Or MSP? Or the thousands of scripts that have come out? Good god. An even is in-game, what are you talking about not necessarily being an in-game method?

You have no room to talk.

Who Cares99 · March 20, 2014, 11:00:42 PM

Quote from: Jakobblockhead on March 20, 2014, 07:20:14 PM

Holy hell you are replying this to the person who made Blockland. Even Greek replied to this thread! Do you think that they do not know how to script?! Ever heard of eval? Or MSP? Or the thousands of scripts that have come out? Good god. An even is in-game, what are you talking about not necessarily being an in-game method?

Are you handicapped? You might want to reread my post, I wasn't saying that anyone didn't know how to script. I was just adding on to what badspot said in case if anybody decided to make the mod, saying that there would need to be a good way to add white listed events without having to be a good scripter, for customized personal use. Tell me if you still don't know what I'm saying and I'll try to explain it more understandably.

xSetrox · March 22, 2014, 10:42:40 AM

why was this bumped
that post wasn't really necessary imo

Who Cares99 · March 22, 2014, 01:25:46 PM

Quote from: xSetrox on March 22, 2014, 10:42:40 AM

why was this bumped
that post wasn't really necessary imo

That post was completely unnecessary and misguided, I think Jakob just isn't very bright or had a moment of stupidity.