Jump to content

plantregistry file should be restricted

mmdx

By mmdx

    • Pending

in klei"s code

function PlantRegistryData:Load()
    TheSim:GetPersistentString("plantregistry", function(load_success, data)
        if load_success and data ~= nil then
            local success, plant_registry = RunInSandbox(data)
            if success and plant_registry then
                self.plants = plant_registry.plants or {}
                self.fertilizers = plant_registry.fertilizers or {}
                self.pictures = plant_registry.pictures or {}
                self.filters = plant_registry.filters or {}
                self.last_selected_card = plant_registry.last_selected_card or {}
            else
                print("Failed to load the plantregistry!", plant_registry)
            end
        end
    end)
end

plantregistry allown moder run scripts without any mod enable
now i found someone are using it spawn invisiable pumbking for player
plantregistry code should be restricted!
 
Steps to Reproduce

plantregistry file should be restricted

  • Like 2
Go to bugs

User Feedback


Cliffford W.

If you changed that file on your side it would only trigger on your client side which wouldnt show on the server for anyone.

Share this comment

Link to comment
Share on other sites
Rickzzs
4 hours ago, Cliffford W. said:

If you changed that file on your side it would only trigger on your client side which wouldnt show on the server for anyone.

It can infect the server if the client is admin. 

Edited by Rickzzs

Share this comment

Link to comment
Share on other sites
mmdx
3 hours ago, Cliffford W. said:

Ah right. Endless pain

Let's sort out our thoughts. If a server has a module that everyone needs to enable, it can try to write a file on all clients. Then these clients can try to influence the server to enable the original malicious module on their own servers, which will form a chain of transmission. The two previous times, once io was disabled and once skinapi could not be called in the mod, aren't these both superficial measures and not fundamental ones? Why can't you just disable the source? Will the next time the malicious code uses c_reset() to infinitely reset the game, you still write these codes so that they cannot be called in the module? This is ridiculous.

Share this comment

Link to comment
Share on other sites


Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...