• sendlua with playername sent without messing with the string unexploitable
    16 replies, posted
[lua]local chattingplayer = string.PatternSafe(pl:GetName()) print(chattingplayer) print("chat.AddText("..chattingplayer.."\"Just called a raid\")") v:SendLua("chat.AddText(\""..chattingplayer.." Just called a raid\")") [/lua] So i have this right here but it only wants to put % in front of my [] in my name I would like to make the string safe but not have the % This is what i get in console printing those out %[πBald%]Peklenc chat.AddText(%[πBald%]Peklenc"Just called a raid")
[url]http://wiki.garrysmod.com/page/string/Replace[/url]
[lua]v:SendLua("chat.AddText(\""..string.Replace(chattingplayer,"%","").." Just called a raid\")")[/lua] Would this still be safe then? [editline]9th October 2015[/editline] in console %[πBald%]Peklenc chat.AddText("[πBald]Peklenc Just called a raid") in chat [πBald]Peklenc Just called a raid
No because SendLua can be used to exploit.
only if the end user can change what is in it (ie using their name)
string.format with the %q flag. Stop trying to use PatternSafe, that's for patterns: not Lua.
If you're using chat.addtext with no colors just use player:ChatPrint ....
If you're not using any colors in chat.AddText, you might as well just use [img]http://wiki.garrysmod.com/favicon.ico[/img] [url=http://wiki.garrysmod.com/page/Global/PrintMessage]Global.PrintMessage[/url] or [img]http://wiki.garrysmod.com/favicon.ico[/img] [url=http://wiki.garrysmod.com/page/Player/PrintMessage]Player:PrintMessage[/url] for a specific person. [lua]PrintMessage( HUD_PRINTTALK, ply:Nick() .. " just called a raid!" )[/lua] You really shouldn't use SendLua - if you needed to run a function on the client, this is how you would do it with net messages: [lua]-- put in a serverside file: util.AddNetworkString( "RaidMessage" ) function RaidMessage( ply ) net.Start( "RaidMessage" ) net.WriteString( ply:Nick() .. " just called a raid!" ) net.Broadcast() end -- put in a clientside file: net.Receive( "RaidMessage", function() local msg = net.ReadString() chat.AddText( msg ) end )[/lua]
im going to be using colors i was just making it simple at first bc i was getting an error related to the string crap in sendlua (figured the error out i just want this to be safe) [editline]9th October 2015[/editline] ok so.... is this safe or not? [lua] local chattingplayer = pl:GetName() v:SendLua("chat.AddText(\""..string.format(chattingplayer).." Just called a raid\")") [/lua] Can someone explain to me how it is not with an example if it is not safe [editline]9th October 2015[/editline] since people cant get past the fact that im using addtext without color [lua] local chattingplayer = pl:GetName() v:SendLua("chat.AddText(Color(0,255,0,0), \"[RAID]\",Color(255,0,0,0), \""..string.format(chattingplayer).."\",Color(0,0,0,0),\" Just called a raid\")") end [/lua]
Page 109, section 12.2. [url]https://dl.dropboxusercontent.com/u/14265905/Programming%20in%20Lua%205.1.pdf[/url]
Thanks so much willox, going to have to bookmark that manual :) [lua]v:SendLua("chat.AddText(Color(0,255,0,0), \"[RAID]\",Color(255,0,0,0), \""..string.format( chattingplayer,"%q").."\",Color(0,0,0,0),\" Just called a raid\")")[/lua] From what i am reading this is how i should do it? [editline]9th October 2015[/editline] [lua] function raidin( pl, text ) if (text == "/raid") then for k, v in pairs( player.GetAll() ) do if v:IsAdmin() or v:IsSuperAdmin() or v:IsUserGroup("mod") or v:IsUserGroup("Toaster") or v:IsUserGroup("gold_mod") then local chattingplayer = pl:GetName() v:SendLua("chat.AddText(Color(0,255,0,0), \"[RAID]\",Color(255,0,0,0), \""..string.format( chattingplayer,"%q").."\",Color(0,0,0,0),\" Just called a raid\")") end end end end hook.Add( "PlayerSay", "raidin", raidin ) [/lua] System for calling raid without giving away the element of surprise... (thank you again willox)
It would be way less complicated to just use the net library.
[url]https://github.com/Facepunch/garrysmod-requests/issues/122[/url] Keep asking there, and Robotguy might add serverside support for colored chat messages. So we wouldn't have to make same hack for all of our addons.
[lua] local plyMeta = FindMetaTable( "Player" ) util.AddNetworkString( "ColorChat" ) function plyMeta:ColorChatPrint( ... ) net.Start( "ColorChat" ) net.WriteTable( { ... } ) net.Send( self ) end [/lua] [lua] net.Receive( "ColorChat", function() chat.AddText( unpack( net.ReadTable ) ) end ) [/lua] Simple as that.
[QUOTE=meharryp;48871808][code] chat.AddText( unpack( net.ReadTable ) ) [/code][/QUOTE] You forgot () after ReadTable.
Easier to use networking than sendlua
[QUOTE=mijyuoon;48872824]You forgot () after ReadTable.[/QUOTE] I meant to do that.
Sorry, you need to Log In to post a reply to this thread.