Code:
on *:text:!say *:#:{ msg $chan $2- }


This cannot be exploited, because by default, everything will only be evaluated once. This means that $chan is transformed into the channel name, and $2- is transformed into the text after !say. The same thing would happen if you changed msg to /msg or //msg, because that's how remote scripts work. The only way you could make this script exploitable is by adding some code that makes the $2- evaluate an extra time, for example by changing it to:

Code:
on *:text:!say *:#:{ .timer 1 1 msg $chan $2- }


..because timers evaluate everything once when the timer is started, and then an extra time when the timer fires (i.e. after one second in this case). So any $identifiers in the text after !say will be evaluated. /scon, /scid and /flash all behave in this fashion too; they evaluate everything an extra time.

Or:

Code:
on *:text:!say *:#:{ msg $chan $eval($2-,2) }


$eval() is used to control how many times you want something to evaluate. If you decide to evaluate $2- twice, instead of the default (once), then all identifiers within the text will be evaluated.

To explain this with an example, let's say somebody types:

Quote:
!say I want this to evaluate: $findfile(c:,*,1)


Then $2- will evaluate to:

Quote:
I want this to evaluate: $findfile(c:,*,1)


But if you evaluate it once more, then the $findfile() in that message will also be evaluated. If you evaluated it a third time, then the filename returned by $findfile() would also be evaluated (so if it found a file called "$time", that would evaluate to the time), etc.

If you don't already know how evaluation works it can seem complex and daunting, but it's really not that hard to understand.
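
The timer handler from the post with the extra evaluation pass neutralised, as an added example that is not part of the original post. It assumes a mIRC version that provides the built-in $unsafe() identifier; the /evaltest alias and its sample text are constructed for illustration.

```mirc
; Hardened form of the timer handler shown above.
; $unsafe() wraps remote text so that the timer's second evaluation pass
; only unwraps it and does not evaluate identifiers inside it.
; $chan is wrapped as well, since it is also remote-controlled data.
on *:text:!say *:#:{ .timer 1 1 msg $unsafe($chan) $unsafe($2-) }

; For the $eval($2-,2) variant the fix is to drop the extra pass and
; go back to the first handler in the post: msg $chan $2-

; Local check, typed as /evaltest (hypothetical alias name).
; $!me produces the literal text $me, standing in for an identifier
; that a remote user put in a message. $me is harmless to evaluate.
alias evaltest {
  var %text = typed by a remote user: $!me
  ; Unprotected: %text is expanded when the timer is created, and the
  ; identifier left in the command is evaluated when the timer fires.
  .timer 1 0 echo -a raw: %text
  ; Protected: the second pass restores the original text unevaluated.
  .timer 1 0 echo -a wrapped: $unsafe(%text)
}
```

The same wrapping applies to text passed through /scon, /scid and /flash, which the post notes also evaluate everything an extra time.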