Okay, I see no other way at pointing this out on the forum, since I have so far been ignored as to my previous posts pointing this bug out...
On the hunt to fix the custom command nick bug (1928194 on sourceforge) myself, I found that if two conditions of the regular settings are set to true, *any* script can be sent into a crashing eternal loop. The script then keeps spinning on the Ajax client-server connection sending itself into an uninterruptable answer-response-dialogue.
The only way to save the server then is to delete all cache, logs and the index.php, and reinstall the files; a regular ID as admin to force a rehash alone after undoing the script changes alone did not get my server out of that loop anymore.
I consider this a major security flaw; it could happen to anyone setting their script to these two particular conditions (which I will not reveal here) and using the current custom command setup.
Contact me for details if you care.
How to _crash_ phpFreeChat. Please fix!
Moderators: OldWolf, re*s.t.a.r.s.*2
3 posts
• Page 1 of 1
by fabian » Fri Apr 11, 2008 9:18 pm
Please also see the "custom commands ignore nick" bug report of mine; this is easily fixable, BUT the current version leaves this gap open!
If a system admin installs a custom command using the current code, custom commands do not report the correct nick back for those that called the custom command, but a newly reinitiated one. Only two more conditions need then to be set to send the server into a spiralling panic:
- If the admin decides that each user should get a random default nick that is different upon first login (e.g.: "Guest #123", i.e. "Guest #" with a random number added), AND
- if the admin sets Nicks to be fixed.
What happens if you then do the custom command (here, "/roll 1d8") is this:
1. The server tries to roll the dice, and attempts to report the user's nick.
2. Oops, I don't know the nick. What is the default nick?
3. Aah, a random number. Let me create one. "Guest #103".
4. The server reports: "Guest #103 1d8 ... 4"
5. and then thinks: Wait, the nick should be locked , and I just changed it... let's reset it... and REPEATS the custom command call, upon which....
6. Goto Step 2.
And then, off you go spinning the chat into eternity.
You should really remove the current custom command code urgently and update it. It's too easy to run into this problem.
And now please, somebody thank me for fixing your code
If a system admin installs a custom command using the current code, custom commands do not report the correct nick back for those that called the custom command, but a newly reinitiated one. Only two more conditions need then to be set to send the server into a spiralling panic:
- If the admin decides that each user should get a random default nick that is different upon first login (e.g.: "Guest #123", i.e. "Guest #" with a random number added), AND
- if the admin sets Nicks to be fixed.
What happens if you then do the custom command (here, "/roll 1d8") is this:
1. The server tries to roll the dice, and attempts to report the user's nick.
2. Oops, I don't know the nick. What is the default nick?
3. Aah, a random number. Let me create one. "Guest #103".
4. The server reports: "Guest #103 1d8 ... 4"
5. and then thinks: Wait, the nick should be locked , and I just changed it... let's reset it... and REPEATS the custom command call, upon which....
6. Goto Step 2.
And then, off you go spinning the chat into eternity.
You should really remove the current custom command code urgently and update it. It's too easy to run into this problem.
And now please, somebody thank me for fixing your code
- fabian
- Member
- Posts: 20
- Joined: Fri Mar 28, 2008 11:39 am
- Location: Berlin, Germany
by OldWolf » Sat Apr 12, 2008 4:42 am
Thanks for finding and fixing this error. 
Signature:
Read before Posting: Forum Rules
Note: I am unable to offer support through PM/e-mail at this time.
Read before Posting: Forum Rules
Note: I am unable to offer support through PM/e-mail at this time.
- OldWolf
- Site Admin
- Posts: 1918
- Joined: Sun Sep 23, 2007 5:48 am
3 posts
• Page 1 of 1
Return to General Support (v1.x)
Who is online
Users browsing this forum: No registered users and 4 guests
