Hey, as default on my Hommies server, players do not have interact. The server is on minetesthosting.com and 0.4.14. Somebody WITHOUT interact privs edited different signs around spawn.
BTW, I thought I had posted this before, but either (A) I really didn't, (B) I did, but the forums have a bug, or (C) an admin/moderator deleted it. :P
Edit signs without interact priv?!?
- addi
- Member
- Posts: 666
- Joined: Thu Sep 20, 2012 03:16
- GitHub: adrido
- Location: Black-Forest, Germany
Re: Edit signs without interact priv?!?
hmm looks like that old bug is back: https://github.com/minetest/minetest_game/issues/210
Maybe in combination with a manipulated client
Maybe in combination with a manipulated client
- sorcerykid
- Member
- Posts: 1841
- Joined: Fri Aug 26, 2016 15:36
- GitHub: sorcerykid
- In-game: Nemo
- Location: Illinois, USA
Re: Edit signs without interact priv?!?
Were the signs protected? Afaik, the formspects for default signs use client-side prediction. And validation of that form doesn't occur until submission. And at least in 0.4.14, there is no check for privileges only protection (see below). I imagine this bug also affects unlocked chests and bookshelves for the same reason.
Code: Select all
on_receive_fields = function(pos, formname, fields, sender)
--print("Sign at "..minetest.pos_to_string(pos).." got "..dump(fields))
local player_name = sender:get_player_name()
if minetest.is_protected(pos, player_name) then
minetest.record_protection_violation(pos, player_name)
return
end
local meta = minetest.get_meta(pos)
if not fields.text then return end
minetest.log("action", (player_name or "") .. " wrote \"" ..
fields.text .. "\" to sign at " .. minetest.pos_to_string(pos))
meta:set_string("text", fields.text)
meta:set_string("infotext", '"' .. fields.text .. '"')
end,
-
- Member
- Posts: 3476
- Joined: Sun Jul 12, 2015 22:51
- GitHub: BBmine
- IRC: BBmine
- In-game: Baggins
- Location: USA
Re: Edit signs without interact priv?!?
It was not protected because I use the free version of that hosting service, which only includes vanilla and external_cmd. Maybe I should stop having my furnaces stuffed......sorcerykid wrote:Were the signs protected? Afaik, the formspects for default signs use client-side prediction. And validation of that form doesn't occur until submission. And at least in 0.4.14, there is no check for privileges only protection (see below). I imagine this bug also affects unlocked chests and bookshelves for the same reason.
Code: Select all
on_receive_fields = function(pos, formname, fields, sender) --print("Sign at "..minetest.pos_to_string(pos).." got "..dump(fields)) local player_name = sender:get_player_name() if minetest.is_protected(pos, player_name) then minetest.record_protection_violation(pos, player_name) return end local meta = minetest.get_meta(pos) if not fields.text then return end minetest.log("action", (player_name or "") .. " wrote \"" .. fields.text .. "\" to sign at " .. minetest.pos_to_string(pos)) meta:set_string("text", fields.text) meta:set_string("infotext", '"' .. fields.text .. '"') end,
Oh also, I tried banning the guy who did that, but because he was not online at the time, it wouldn't ban him >:(
-
- Member
- Posts: 3476
- Joined: Sun Jul 12, 2015 22:51
- GitHub: BBmine
- IRC: BBmine
- In-game: Baggins
- Location: USA
Re: Edit signs without interact priv?!?
I just did a test with a client that has no interact privs. I can't even right-click on anything. Not even signs. So either that player was cheating, or he had an old, dumb client. The trick is how to ban him. :P
- sorcerykid
- Member
- Posts: 1841
- Joined: Fri Aug 26, 2016 15:36
- GitHub: sorcerykid
- In-game: Nemo
- Location: Illinois, USA
Re: Edit signs without interact priv?!?
Thanks for the heads up. It looks like right-clicking is indeed disabled once interact is revoked. That is very good to know.
-
- Member
- Posts: 3476
- Joined: Sun Jul 12, 2015 22:51
- GitHub: BBmine
- IRC: BBmine
- In-game: Baggins
- Location: USA
Re: Edit signs without interact priv?!?
Oh, if you want to test it with different clients, the server is: minetesthosting.com PORT: 30352 :)
You will have no interact by default, unless I already granted you interact, in which case, create another account.
You will have no interact by default, unless I already granted you interact, in which case, create another account.
Who is online
Users browsing this forum: No registered users and 7 guests