PDA

View Full Version : Updates for GServer and NPCServer


Admins
09-15-2005, 04:23 AM
This is not directly script related, but something for developers in general. You eventually need to restart the gserver or npcserver to enable the new stuff.
GServer updates:
- warpto=false and ignorewarpto=true options (are the same, but the second doesn't display an error message)
- warpto is not accepted when the player types illegal coordinates (like warpto blah blah)
- toguild messages are handed " better (displayed correctly in v4, an additional \ in the text will appear in v2)
- on the npcserver levels are not removed from the memory ("swapped out") when a player is still idling there after the normal timeout (5 minutes), so preventing problems of disappearing npcs
- the colors of npcs are sent on first write, so it's easier to do npcs with newbie colors
- some security problems with scripted RC have been fixed (all servers using new scripting engine have already been restarted to make this take effect)
- ghosts can do serverwarp now, so the serverlist is working on all servers

calani
09-15-2005, 05:14 AM
some security problems with scripted RC have been fixed (all servers using new scripting engine have already been restarted to make this take effect)

Is this the fix for the setrights bug?

ForgottenLegacy
09-15-2005, 05:40 AM
Is this the fix for the setrights bug?

I'm testing that right now Ash. I'll update.

EDIT:

New Client-RC: Kaidenn (Heartless) (ForgottenLegacy)
ForgottenLegacy prob: not authorized for changing admin rights


Yup, the bug is fixed. :D

Thanks Stefan.

calani
09-15-2005, 08:59 AM
wooo, good!

Ajira
09-16-2005, 02:26 AM
Is this the fix for the setrights bug?
What setrights bug are you talking about?

ForgottenLegacy
09-16-2005, 04:12 AM
What setrights bug are you talking about?

The ability for anyone and everyone who has access to a weapon script to set anyone's rights, regardless if they have that ability or not. I saw it abused once by a staffer who was fired, to get back at the Admins. It was a pretty nasty little bug, and it was basically with a clientrc + sendtext that a person could set someone's rights.

Ajira
09-16-2005, 06:17 AM
The ability for anyone and everyone who has access to a weapon script to set anyone's rights, regardless if they have that ability or not. I saw it abused once by a staffer who was fired, to get back at the Admins. It was a pretty nasty little bug, and it was basically with a clientrc + sendtext that a person could set someone's rights.
Oh you mean the sendtext() rights worked without having the edit rights right? @[email protected] wowsers

ForgottenLegacy
09-16-2005, 06:23 AM
Oh you mean the sendtext() rights worked without having the edit rights right? @[email protected] wowsers

Yup. Worked like a cham. Would remove every single right you shared with that person, including clearing their IPRange (so they couldn't sign on) and their Folderrights. Was a nasty little bug.

This was said on Exploit RC when I brought this bug to Stefan's attention:

Kaidenn: This is the SetRights bug.
Kaidenn: I would like it fixed before it is abused. x-x
dnd: hmmm
dnd: evil yes
ShadowBlaze - DND WORKING: lol
Kaidenn: Indeed.

Admins
09-16-2005, 03:36 PM
Most people don't know the format / values they can set though, so I have not seen someone giving themself rights. Also setting comments and the local ban was not protected. Those were functions which have been added for giving more power to the scripted RC, but have not been implemented in the RC script and that's why they weren't tested a lot.

ChibiChibiLuc
09-16-2005, 09:39 PM
Oh you mean the sendtext() rights worked without having the edit rights right? @[email protected] wowsers

Come on Ajira, after all that bragging about being able to take over servers? >_>


But yeah, since this is my post for the day, I have a request:
Could a command that lets us access offline accounts be added

Ajira
09-17-2005, 06:06 AM
Come on Ajira, after all that bragging about being able to take over servers? >_>


But yeah, since this is my post for the day, I have a request:
Could a command that lets us access offline accounts be added
Actually, I was thinking a different way, didn't know it just worked with sendtext.

Velox Cruentus
09-30-2005, 08:18 AM
You know, this bug isn't fixed completely yet, Stefan, about changing rights. I managed to steal someone's Admin User without even trying (I was just testing my thoughts on it). I would tell you exactly how to proceed, but I doubt it's wise to explore this facade over opened threads.

ForgottenLegacy
10-01-2005, 08:25 AM
You know, this bug isn't fixed completely yet, Stefan, about changing rights. I managed to steal someone's Admin User without even trying (I was just testing my thoughts on it). I would tell you exactly how to proceed, but I doubt it's wise to explore this facade over opened threads.

I don't think this can be done by script...? I have no clue how that would be even remotely possible by script, if that is what you were talking about.

napo_p2p
10-01-2005, 08:40 AM
I don't think this can be done by script...? I have no clue how that would be even remotely possible by script, if that is what you were talking about.

There was a bug with GS2 (with 'sendtext') that allowed people to change rights. Velox is just saying that there still is a way.

I was possible before (looks like it still is...)

Ajira
10-01-2005, 03:18 PM
There was a bug with GS2 (with 'sendtext') that allowed people to change rights. Velox is just saying that there still is a way.

I was possible before (looks like it still is...)
But how would he steal an account with a script? @[email protected]

Sacred Shadow
10-01-2005, 04:00 PM
But how would he steal an account with a script? @[email protected]
majick

Velox Cruentus
10-01-2005, 09:24 PM
Ajira... Use your imagination!