|
Yasden Beginner
Joined: 19 Mar 2005 Posts: 17 Location: TorilMUD
|
Posted: Mon Aug 29, 2005 8:27 pm
Trigger Abuse |
Hi all, I've got a simple trigger that I can't seem to figure out a way to prevent abuse of!
#trig {^(%w) has just given you * consent.} {group %1}
Now, here's the abuse being committed, via emote:
CertainSomeone ;#trig {CertainSomeone tells you '(%1)'} {%1;#gag}; has just given you his consent.
As you can tell, this sets up a robot to make the person manipulate me any way they see fit.
So, my question of the day is: How do you prevent trigger abuse from within the middle of a trigger text? |
|
|
|
Vijilante SubAdmin
Joined: 18 Nov 2001 Posts: 5182
|
Posted: Mon Aug 29, 2005 8:56 pm |
Start by using quotes.
#trig {^(%w) has just given you * consent.} {group "%1"}
The quotes should be stripped when the command is sent by zMud. The quotes will also prevent special character from being interpretted.
In the particular trigger you described, the extra offensive text should not even have been captured. In fact, the trigger shouldn't have even matched. So I can suggest no further improvements there. |
|
_________________ The only good questions are the ones we have never answered before.
Search the Forums |
|
|
|
Yasden Beginner
Joined: 19 Mar 2005 Posts: 17 Location: TorilMUD
|
Posted: Mon Aug 29, 2005 9:18 pm |
I am aware of this. Using quotes did not fix the problem either. What this emote is doing is essentially forcing the trigger to fire, breaking it in the middle with a separate creation of a trigger.
I tested the string myself, and it does not match. But it's only not matching the "group %1" command.
Abusing it myself using #say to emulate the emote, here's what I was able to deduce.
#say Someone ;#trig {Someone tells you '(%1)'} {%1;#gag}; has just given you his consent.
The output is:
Someone (cyan ansi from the #say)
<newline>
has just given you his consent. (yellow ansi as though it were a mud command)
Pardon? <-- result of invalid command
I open the triggers section, and sure enough, there's a nice little robot trigger for Someone to tell me to do whatever they want. |
|
|
|
Aarlot Adept
Joined: 30 Dec 2003 Posts: 226
|
Posted: Mon Aug 29, 2005 9:31 pm |
It looks like the problem is in your testing. When you do that line, the all the ";" are being evaluated right then. So it's the same as sending:
#say Someone
#trig {Someone tells you '(%1)'} {%1;#gag}
has just given you his consent.
Unless you use ~ in front of them, those semi-colons are getting evaluated in the command line. |
|
_________________ Everyone is entitled to their beliefs - until they die. Then only the truth matters. |
|
|
|
Yasden Beginner
Joined: 19 Mar 2005 Posts: 17 Location: TorilMUD
|
Posted: Mon Aug 29, 2005 10:45 pm |
I'm not trying to abuse a trigger...this trigger is mine, and it's being abused in that manner. I'm trying to figure out how to prevent it, not ask the abuser to use a tilde in front of their semicolons.
|
|
|
|
nexela Wizard
Joined: 15 Jan 2002 Posts: 1644 Location: USA
|
Posted: Tue Aug 30, 2005 2:33 am |
Until someone figures out a way to get around this I would report this to your mud admins as a form of harrasment. Once is mischief, twice is harrasment and most muds have severe penalties for harrasment.
I will see what I can come up with tommorow but I lack the time right now. |
|
|
|
Larkin Wizard
Joined: 25 Mar 2003 Posts: 1113 Location: USA
|
Posted: Wed Aug 31, 2005 12:14 pm |
As Vijilante said, the pattern you showed in your post, Yasden, wouldn't even match such a message as this emote. The only way I would think it could be abused is if you used the %* wildcard instead, which everyone knows by now is a big no-no.
|
|
|
|
Yasden Beginner
Joined: 19 Mar 2005 Posts: 17 Location: TorilMUD
|
Posted: Wed Aug 31, 2005 9:31 pm |
It doesn't match. I already said that. It doesn't match the intended output, which is "group %1".
What it *does* do, though, is read the syntax between the semicolons and sets up a nice little robot trigger.
----------
Normal trigger:
Joe has just given you his consent.
group Joe
----------
----------
Someone abusing the trigger:
Someone ;#trig {Someone tells you '(%1)'} {%1;#gag}; has just given you his consent.
Someone
Pardon?
<insert new trigger code>
has just given you his consent.
Pardon?
Someone tells you 'say i'm a robot now' <-gagged
You say 'i'm a robot now'
Someone tells you 'shout i'm a moron' <-gagged
You shout 'i'm a moron'
----------
That's what I'm trying to prevent.
Once again, my actual trigger is this:
#trig {^(%w) has just given you * consent.} {group %1}
I'm using 7.13, too. |
|
|
|
nexela Wizard
Joined: 15 Jan 2002 Posts: 1644 Location: USA
|
Posted: Thu Sep 01, 2005 12:27 am |
I just live tested this with an outside source and cannot reproduce? do you have any other triggers that might cause something like this?
|
|
|
|
Atreides_096 Wanderer
Joined: 21 Jan 2005 Posts: 99 Location: Solvang, CA
|
Posted: Thu Sep 01, 2005 1:55 am |
I'm with the others in that this should not be happening, since the patterns don't match. But I will propose 4 things here:
1) Perhaps you have another trigger which is actually the one being abused? This seems most likely to me.
2) Try getting a bit more specific in your trigger. I am not sure what MUD you play, what pattern you are matching, but I can't figure out why you've got a wildcard in that trigger. It seems to me that there's not that many combinations of wording you could be replacing that properly fit into that sentence. Perhaps simply putting those words into a string variable, and then matching that? For example:
Code: |
#var {groupactivater} {grouping|leading|following}
#ac {^(%w) has given you @groupactivater consent.$} {group %1} |
3) Or you could make an allowed list:
Code: |
#var {groupallowed} {MudderA|MudderB|MudderC}
#ac {^(%w) has given you (*) consent.$} {#if %ismember( %1, @groupallowed)} {group %1} {#beep;#say Potential abuse detected} |
4) Lastly, make sure you "protect" your trigger with a $ at the end as well as the ^ in front :P |
|
|
|
Tarn GURU
Joined: 10 Oct 2000 Posts: 873 Location: USA
|
Posted: Thu Sep 01, 2005 5:25 am |
Yasden wrote: |
What it *does* do, though, is read the syntax between the semicolons and sets up a nice little robot trigger.
|
When I define the trigger (copy/pasted from your first post):
#trig {^(%w) has just given you * consent.} {group %1}
and the server sends the string (copy/pasted from your 31 Aug 23:31 post):
Someone ;#trig {Someone tells you '(%1)'} {%1;#gag}; has just given you his consent.
(as one line with a newline terminator)
I do not reproduce your problem (no new trigger is created). 7.13b.
Can you try it in a newly created session having only that one trigger with a friend on the server?
-Tarn |
|
|
|
Maelstrom Apprentice
Joined: 10 Feb 2005 Posts: 158
|
Posted: Thu Sep 01, 2005 5:01 pm |
Since the wildcard is the issue remove it and make your trigger more specific.
#trig {^(%w) has just given you {his|her} consent.$} {group %1} |
|
|
|
Yasden Beginner
Joined: 19 Mar 2005 Posts: 17 Location: TorilMUD
|
Posted: Sun Sep 04, 2005 11:10 pm |
I've added the $ to the end, I've edited the wildcard to say {his|her|its}, and I'm still having this problem.
There is no other trigger it's manipulating. I'm using a copy of zMUD from 6-15-05...is that the one prior to 7.13b? Maybe it's a setting in the trigger itself or perhaps in zMUD?
I play TorilMUD (torilmud.org 9999), aka Sojourn.
Just to note, I use a #say in front of that test string (the abusive one) live, while in the MUD, to emulate someone doing it. If a player is actually consenting, it does work.
Code: |
#say Bob ; #trig {Bob tells you '%1'} {%1;#gag}; has just given you his consent. |
|
|
|
|
Vijilante SubAdmin
Joined: 18 Nov 2001 Posts: 5182
|
Posted: Sun Sep 04, 2005 11:27 pm |
To actually emulate someone sending this try using:
#say "Bob ; #trig {Bob tells you '%1'} {%1;#gag}; has just given you his consent."
As Aarolot said:
Quote: |
It looks like the problem is in your testing. When you do that line, the all the ";" are being evaluated right then. So it's the same as sending:
#say Someone
#trig {Someone tells you '(%1)'} {%1;#gag}
has just given you his consent.
Unless you use ~ in front of them, those semi-colons are getting evaluated in the command line. |
The doublequotes I suggest cause zMud to view the entire contents within as a single parameter that is not subject to expansion or evaluation.
I am also locking this topic. If you really feel the need to post more on this, hopefully with a trigger that actually matches your test text, no one will complain; but everything here has been covered thoroughly. |
|
_________________ The only good questions are the ones we have never answered before.
Search the Forums |
|
|
|
|
|