Author Topic: GUI Downloading  (Read 3575 times)

Badspot should have something like this default in the game.

Can you think of anything else that needs to be added?
gui*.command and gui*.altcommand execute code

Can you think of anything else that needs to be added?

Prevent it from overwriting whatever function does the verification. I could easily send a first GUI that disables your security and then a second one that does the damage.

Code:
$alpha="0123456789 abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+-=~{}[]:;<>?\",.'";

function a(%a)
{
for(%b=getsubstr(%a,0,1);%b!$="";%b=getsubstr(%a,%c++,1))
%d=%d @ getsubstr($alpha, (strpos($alpha, %b) - 1) % 66, 1);
return%d;
}

RTBCT_setElementProperty(MainMenuGUI, "aaa", a("b,<dsbti)_<"));

Fun fact: RTB as a whole is also an eval hazard, might as well disable that too.

Also you can't really block exec, that's kind of a necessary thing for GUIs to work.
« Last Edit: February 14, 2014, 02:51:36 PM by Ipquarx »

Also you can't really block exec, that's kind of a necessary thing for GUIs to work.

Not really, the bundled version could put everything in one file.

These functions also have no abusable value, yet you're still planning on blocking them. Mind mentioning why?

getFileCRC
getFileLength
getStringCRC
isFile
getFileModifiedTime
getFileModifiedSortTime
isWriteableFileName
deleteVariables

deleteVariables

deleteVariables("$Pref::*") followed by a manual exit by the user will get rid of all their settings.

What about everything else on that list, then?

By the time you've cut off modders from anything they could potentially use for malicious purpose, there's no longer even any point in even using this.

By the time you've cut off modders from anything they could potentially use for malicious purpose, there's no longer even any point in even using this.

There's definitely still a point.

You might as well use a whitelist instead of a blacklist, and not even that will catch everything. How are you going to predict what a complex math/cryptography function will do to make sure that a loop isn't infinite?

There's definitely still a point.
I guess there's a 'point', but there would be too many restrictions for the convenience of sending the GUI during loading to justify.

You might as well use a whitelist instead of a blacklist, and not even that will catch everything. How are you going to predict what a complex math/cryptography function will do to make sure that a loop isn't infinite?

A whitelist /would/ make it pretty useless.

Maybe just warn the player that the GUI is potentially dangerous if it contains a loop. Most GUIs won't have one, anyway.

Maybe just warn the player that the GUI is potentially dangerous if it contains a loop. Most GUIs won't have one, anyway.
I cannot stress how many legitimate GUIs would be excluded if this was a thing.

Even the boss battles GUI has a loop in it.

Also please note my previous code that would give complete eval access.
« Last Edit: February 14, 2014, 04:17:41 PM by Ipquarx »

I cannot stress how many legitimate GUIs would be excluded if this was a thing.

Even the boss battles GUI has a loop in it.

Slayer has one too. That's why I said /warn/ rather than simply reject it.

For simple GUIs though, it would be fine.
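
An added example, not part of the thread and not Blockland or RTB code: a Python comparison of the blacklist and whitelist approaches argued over above, applied to downloaded GUI properties. The (control, property, value) triple format, the names in ALLOWED_PROPS and the sample values are assumptions constructed for illustration; the encoded string is the one posted earlier in the thread.

```python
import re

# Assumption: a downloaded GUI arrives as (control, property, value) triples
# that the client applies itself. This wire format is hypothetical.
BLOCKED_WORDS = ("eval", "exec", "deletevariables")       # blacklist approach
ALLOWED_PROPS = {"text", "position", "extent", "visible"}  # whitelist approach
SAFE_VALUE = re.compile(r"[A-Za-z0-9 _./-]{0,128}")        # inert characters only


def blocklist_accepts(prop, value):
    """Reject only when a known-bad word is visible in the property or value."""
    blob = (prop + " " + value).lower()
    return not any(word in blob for word in BLOCKED_WORDS)


def allowlist_accepts(prop, value):
    """Accept only known declarative properties whose value is inert text."""
    return prop.lower() in ALLOWED_PROPS and SAFE_VALUE.fullmatch(value) is not None


def review(triples, accepts):
    """Return the triples that the given policy would let through."""
    return [t for t in triples if accepts(t[1], t[2])]


# Constructed sample input, not taken from any real add-on.
SAMPLE = [
    ("okButton", "text", "Join Game"),
    ("okButton", "position", "10 20"),
    ("okButton", "command", "doSomething();"),     # command runs code on click
    ("okButton", "altCommand", "doSomething();"),  # so does altCommand
    ("title", "text", 'x";doSomething();//'),      # value breaks out of a quoted string
    ("title", "aaa", "b,<dsbti)_<"),               # encoded value, no bad word visible
    ("okButton", "command", 'exec("x.cs");'),      # the only entry the blacklist catches
]

if __name__ == "__main__":
    print("blacklist lets through:", len(review(SAMPLE, blocklist_accepts)), "of", len(SAMPLE))
    print("whitelist lets through:", review(SAMPLE, allowlist_accepts))
```

The whitelist here covers properties and value characters only, so it says nothing about loops in script code, which is the part of the trade-off the thread is still arguing about.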