 |
Edwub
Wanderer
Joined: 21 Nov 2002
Posts: 85
Location: USA
|
 Posted: Sun Jan 26, 2003 5:32 am
Preventing abuse with Disable
|
A while ago Seamer mentioned the relative cruelty of #DDE.
Well, it's spread like an epidemic on my mud.
It's great in that all my triggers are pretty well constructed and that it only worked once on me ( I was quoting it to a different channel and set it off by a typo).
Is there any option to disable all #DDE commands, or some sort of trigger to not do anything if its a #DDE command?
Want to spread it to everyone else.
Thanks
Edwub the Mage |
|
|
|
|
LightBulb
MASTER
Joined: 28 Nov 2000
Posts: 4817
Location: USA
|
Posted: Sun Jan 26, 2003 6:32 am
|
Refrain from using the %* wildcard. Use * instead.
This warning has been repeated over and over here, so when I see people post triggers using %*, I suspect they are hoping to find people to take advantage of.
LightBulb
Senior Member |
|
|
|
|
Kjata
GURU
Joined: 10 Oct 2000
Posts: 4379
Location: USA
|
Posted: Sun Jan 26, 2003 1:08 pm
|
Like LightBulb said, the best way to be safe is not to use unsafe methods. %* is unsafe because it allows matching of ; which allows other users to execute commands in your zMUD.
However, if you absolutely must use %*, then the only safe way (it could be fooled, but there is now way I know of up until now) is to use this syntax:
#TRIGGER {^%w says '&%*{message}'$} {#SAY {The captured part was @message, and it can't execute code on my zMUD.}}
When using this syntax, always access the macthed text using the variable, never use the corresponding %n, since that is what allows other people to execute code on your zMUD. Also, remember to always anchor triggers whenever possible.
Kjata |
|
|
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
