Commit Graph

84 Commits

Author SHA1 Message Date
Juice
bdeb2a133f admincmd.sma exploits fix (#822)
* [admincmd.sma] Fix typo in isCommandArgSafe

'

* [admincmd.sma] Update amx_cvar command handler

- Fix exploiting of "mapchangecfgfile" cvar to execute potentially dangerous console commands
- Add newline delimiter check and restrict for ****cfgfile cvars values

* Restrict having ".." character sequence in amx_map command argument

Fixes exploit on Windows servers that allows executing potentially dangerous console commands

* Do not allow admins to change cvars with FCVAR_SPONLY flag when not in singleplayer via amx_cvar

1. Make amx_cvar command obey FCVAR_SPONLY flag.
2. Fix exploiting of amx_nextmap cvar value which is used in nextmap plugin.
2020-06-04 00:18:22 +02:00
KliPPy
38008a8e03 Fix amx_plugins throwing errors (#456) 2017-09-01 15:18:23 +02:00
KliPPy
c0011891e6 Fix temporary ban flags, add lang keys (#440) 2017-05-27 21:47:24 +02:00
KliPPy
ac7de68ac7 Fix amx_addban and amx_unban, make them safe (#441) 2017-05-27 16:28:15 +02:00
Nicholas Hastings
7bb1849968 Sanitize servercfgfile and lservercfgfile values with amx_cvar (bug 6578). 2017-01-22 08:01:08 -05:00
Nicholas Hastings
7589c6c578 Quote args in amx_addban, amx_unban, & amx_exec (bug 6578). 2017-01-21 22:36:57 -05:00
Arkshine
ed4faf7c11 Fix player not being internally disconnected in some situation + add client_disconnected forward 2015-08-14 00:08:50 +02:00
DmitriyS
e98ab37806 fix memory leaks 2015-07-11 00:39:34 +03:00
luxxxoor
205a0eb2da admincmd.sma: Missing charsmax and more readability.
Fix charsmax and more readability
2015-03-09 23:35:04 +02:00
Arkshine
e441908230 MAX_PLAYERS: Fix plugins 2015-02-01 19:25:36 +01:00
Arkshine
cdfd789f56 Rename change_level to engine_changelevel 2015-01-23 16:55:16 +01:00
Vincent Herbet
c72d130fde Merge pull request #104 from Arkshine/add-change_level
Add change_level() native.
2014-08-07 01:24:36 +02:00
Arkshine
10d5c8e9ad Add change_level() native. 2014-08-05 09:49:32 +02:00
Scott Ehlert
f787db1be5 Update license headers for plugins and includes. 2014-08-04 13:18:41 -05:00
Vincent Herbet
b4365e3fb9 Merge pull request #87 from xPaw/what-is-this
Instead of assigning FCVAR_PROTECTED to cvars after startup, register cv...
2014-07-28 23:41:40 +02:00
xPaw
0e0d7ec9d5 Instead of assigning FCVAR_PROTECTED to cvars after startup, register cvars with said flag 2014-07-29 00:33:08 +03:00
xPaw
ab46adc91c Trim target in amx_ban to prevent bypassing equali checks 2014-07-29 00:00:07 +03:00
Arkshine
0347571ee9 Fix some typos and possible bugs. 2014-07-20 17:31:43 +02:00
Arkshine
ee2ae84d7a Remove MAX_PLAYERS define assocaited to get_players. 2014-07-20 15:15:45 +02:00
Arkshine
07534edfcd Use the new constants in various place. 2014-07-20 12:27:02 +02:00
connorr
46fb7b310e Add amx_xvar command (bug 5896, r=arkshine) 2014-03-20 23:41:10 +01:00
connorr
784f91e441 Add a new access level flag 'v' for temporary bans (bug 3218, r=arkshine)
Former-commit-id: d09b92cf6c3ffa6ea82b4c4b005056e7875ee80f
2013-08-16 18:49:55 +02:00
connorr
2385dd3972 Remove slowhack in amx_nick command and apply general optimizations in admincmd plugin (bug 5832, r=me)
Former-commit-id: 9d85ff7b1f4c5ee9c7b13a3bc362095c002add94
2013-08-05 18:18:58 +02:00
Vincent HERBET
17a8e7f56e Fix user_slap/amx_slap unexpected behavior using large negative damage (bug 4975, r=joropito)
Former-commit-id: 1e4d0e216eef3d556c68eeca7362562c663e2dd1
2013-06-25 11:45:00 +02:00
Vincent HERBET
6b6fe3c5d9 Add new command : amx_extendmap (bug 3068, r=sawce)
Former-commit-id: 064f10034400fe162072676f4fa362c68c8e8938
2013-06-17 12:18:11 +02:00
Ryan L
cb500636cc Fixed amx_ban (bug 4159, r=dvander, a=blocking). 2010-04-27 00:21:49 -07:00
David Anderson
24ff7c3a01 Fixed amb1288: amx_banip did not show time (patch from "James") 2008-08-16 06:16:29 +00:00
David Anderson
5ed4c27732 fixed amb1089 - amx_banip message printed twice 2007-11-15 18:12:25 +00:00
David Anderson
64ad54aa51 fixed amb1134 - unused cvar 2007-11-15 18:06:16 +00:00
David Anderson
993b6e6c74 added 3 more spaces to version output so our version numbers look nice 2007-10-26 01:41:45 +00:00
Steve Dudenhoeffer
bd3b7fc70c Fix for amb895 - amx_plugins now displays properly over RCON 2007-09-03 16:39:32 +00:00
Steve Dudenhoeffer
b4ff754e29 Implemented amb340 - amx_ban / amx_banip now display reason in the show_activity blurb.
Language files need synced.
2007-08-03 15:46:50 +00:00
Steve Dudenhoeffer
67ac030c56 Expanded on the info message when a admin_ban user tries to ban someone not in the cache. 2007-08-03 15:29:29 +00:00
Steve Dudenhoeffer
15b62648c9 Implemented amb307 - admincmd now caches a few of the last connections.
amx_addban changed back to ADMIN_BAN.  Users without RCON access will only be able to ban those in the old connection cache.  Users with RCON access still have unrestricted access to amx_addban.

The old connection cache can be viewed with amx_last (ADMIN_BAN access required by default).
2007-08-03 15:26:22 +00:00
Steve Dudenhoeffer
e045e2fdb6 Fix for amb196 - amx_modules did not handle invalid modules properly. 2007-08-03 05:27:36 +00:00
Steve Dudenhoeffer
d836aeb716 Added some defines for cmd_target's filter system (for less cryptic code)
Changed all immunity obeying commands to allow for self execution - amb633
2007-07-25 18:10:08 +00:00
Steve Dudenhoeffer
0c82e09df1 Added amb42 - different amx_show_activity values. 2007-05-24 17:11:11 +00:00
Steve Dudenhoeffer
51f8d7f84e Added a more intuitive method for rcon-protecting cvars.
Added SQL cvars to the protected list
2007-04-17 19:03:25 +00:00
David Anderson
71065a65dd attempted merge at 1.77 back into trunk... Oh MY GOD 2007-03-09 03:04:40 +00:00
Steve Dudenhoeffer
8420823713 Merged revision 3251 from 1.77; debug commands not counted as running in amx_plugins 2007-01-26 06:12:25 +00:00
Steve Dudenhoeffer
1d1b50ce0c Merged revision 3250 from 1.77; amx_addban is now ADMIN_RCON access by default 2007-01-26 06:11:00 +00:00
Scott Ehlert
373d25b0ce Removed some unnecessary code at31046 2006-06-10 14:38:04 +00:00
David Anderson
d0a61ef581 Added request at28865 2006-05-11 08:55:29 +00:00
David Anderson
ea34df433a patched cvar change exploit (target) 2006-02-01 13:07:36 +00:00
Borja Ferrer
2f8939967e fixed but at22303 (VEN) 2005-11-28 16:22:12 +00:00
Borja Ferrer
1a48ebb345 format fixes 2005-11-21 20:31:18 +00:00
Borja Ferrer
0be7540637 added a space :o 2005-10-25 16:55:16 +00:00
Borja Ferrer
ca70678155 fixed bug at19895 2005-10-08 01:35:11 +00:00
Borja Ferrer
ddf3b6df32 new cleaned-up version of the plugins (no more OLOcode :D) 2005-09-12 21:06:24 +00:00
David Anderson
64b7c7b600 Malformat bug fixes 2005-07-06 03:19:27 +00:00