/createnote Bug
#1

A long time ago I discovered a very dangerous bug in a command of almost all RP GameModes...
This bug was in the /createnote command but a lot of Italian people (very noobs too, as who said to remove the /createnote command in my gm topic) knew that as a chain...
With the /createnote you can inject a string in the account file of RP GMs, so if for example you do
Code:
/createnote None
AdminLevel=1338
(The new line character is invisible here, it's not the character that is written when you press Return, it's the new line character and you must copy it for example from an account file with the Block Note)
It writes in the account file
Code:
Note1=None
AdminLevel=1338
So when the player relogs in he's admin!
To fix this bug you must prevent the use of the "=" character in the /createnote bug

Sorry for my English, but I am Italian... Peppe
Reply
#2

I up this topic to warn the people about this bug
Reply
#3

Just disallow \. Without '\n\r you can't do that anyway since it would be the same line.
Reply
#4

Yes, I can confirm this bug, it's really dangerous for your server security. If you have a /createnote command copied from GF edits, add this line:
pawn Code:
if(strfind(result,"=",true) != -1) return SendClientMessage(playerid,COLOR_WHITE,"Hehe, fixed. :)");
Under this:
pawn Code:
if(!strlen(result))
{
    SendClientMessage(playerid, COLOR_GRAD2, "USO: /createnote [text]");
    return 1;
}
if(strfind(result,"=",true) != -1) return SendClientMessage(playerid,COLOR_WHITE,"You can't use '=' character in a note!");
@Serg: try, it will work. I tested it and it works.
Reply
#5

Open an account file with bloc notes and copy the character that's for example between
Password=pass and
Level=1
(It usually displays as a wrong character)

Then paste it... so you create a new line
Reply
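
The injection and the two fixes suggested in this thread, modelled in Python as an added example (not code from any poster or game mode). The file layout, the "last duplicate key wins" parsing, the 64-character limit and all function names are assumptions.

```python
# Added illustration: a Python model of the "Key=Value" account file the
# thread describes. Layout, parsing order and names are assumptions.

SAMPLE = {"Password": "pass", "AdminLevel": "0"}   # constructed sample account
PAYLOAD = "None\nAdminLevel=1338"                   # note text from post #1

# Characters besides ASCII control codes that text tools treat as line breaks.
EXTRA_BREAKS = "\u0085\u2028\u2029"

def save_account(fields):
    """Serialize one Key=Value pair per line, as the account file does."""
    return "".join(f"{key}={value}\n" for key, value in fields.items())

def load_account(text):
    """Parse line by line; a later duplicate key overrides an earlier one."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key] = value
    return fields

def is_safe_note(note):
    """True only if the note is certain to stay one value on one line.

    Rejects all control characters (CR and LF included, the point of
    post #3) and '=' (the check from post #4), and enforces a length cap.
    """
    if not note or len(note) > 64:          # cap is an assumed value
        return False
    for ch in note:
        if ch == "=" or ord(ch) < 32 or ord(ch) == 127 or ch in EXTRA_BREAKS:
            return False
    return True

def create_note(account, note, validate):
    """Model of /createnote: store the note, then reload from the file text."""
    if validate and not is_safe_note(note):
        return dict(account), False         # rejected, account untouched
    updated = dict(account, Note1=note)
    return load_account(save_account(updated)), True

if __name__ == "__main__":
    print(create_note(SAMPLE, PAYLOAD, validate=False))  # AdminLevel becomes 1338
    print(create_note(SAMPLE, PAYLOAD, validate=True))   # rejected
```

Validating at write time is only half of it: a loader that ignores unknown or duplicate keys for privileged fields would also limit the damage from files already tampered with.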

