Page MenuHomeFeedback Tracker

Map display event handlers not being destroyed after switching servers
New, NormalPublic

Description

Players are able to attach event handlers to any control on display 12 (map display) and it will not be destroyed if they switch multiplayer servers. This allows players to run client side code on servers they do not have access to.

Details

Severity
Major
Resolution
Open
Reproducibility
Always
Operating System
Windows 10 x64
Category
Multiplayer
Steps To Reproduce
  1. Run the following on a local hosted multiplayer server,
((findDisplay 12) displayCtrl 1202) ctrlAddEventHandler ["ButtonClick", "
  hint 'ran';
"];
(finddisplay 46) closeDisplay 0;
  1. The following step should of kicked you to the lobby, leave the server and join a different multiplayer server.
  2. Click the move map to player button.
  3. Code within event handler runs.
Additional Information

We have fixed this issue on our servers by stripping every event handler. This can also be seen on a popular cheating site, here.

Event Timeline

Digitals created this task.Mon, Apr 1, 10:34 PM
Digitals edited Additional Information. (Show Details)
Digitals edited Steps To Reproduce. (Show Details)Mon, Apr 1, 10:37 PM
Digitals changed Category from General to Multiplayer.Mon, Apr 1, 10:41 PM

@Bohemia @Dwarden @oukej Game breaking issue, allows running client side code on servers you don't have access to.

geo9 added a subscriber: geo9.Tue, Apr 16, 7:33 PM

@Bohemia any progress with this??