Joined: Nov 2006
Posts: 5
Nutrimatic drinks dispenser
OP
I'm trying to get a script working that will gag users for 5 minutes, then automatically ungag them, but can't get it working how I want it to. The following is what I've got so far:

if (!gag isin $1) { /mode $2 +z | /msg # $2 has been gagged for 5 minutes | /setvar %gag $nick | timer1 300 /mode %gag -z }

I'm getting the following errors:

* /timer1: invalid parameters (line 39, opercommands.mrc)
- SETVAR Unknown command

I also want to edit that so that it will message the channel to say that the user is no longer gagged once the 5 minutes are up, but can't work out how to code it so that it all works.
Last edited by CSC2YA; 03/05/08 09:52 PM.
|
Joined: Oct 2004
Posts: 8,330
Hoopy frood
on *:text:*:#: {
  if ($1 == !gag && $2 ison $chan) {
    mode $2 +z
    msg $chan $2 has been gagged for 5 minutes
    .timer 1 300 mode $2 -z
  }
}

The main problems being that /setvar is not a valid command. You can use /set or you can use /var depending on what you're doing. Also, you missed a space after timer for your other error. One other issue you had is that you can only ever have 1 nick automatically ungagged the way you are setting a variable like that. Also, you were ungagging the person doing the command rather than $2.

The changes made fix all 3 issues and make it a little more efficient. Note that I stuck it into an on TEXT event just to show how it fits into a script. If you have it in some other event, you can just insert the part that is inside this on TEXT into whatever event you already have set up.

EDIT: Edited to make the timer safe. Keep in mind that you should, of course, limit the ability to use this command to approved nicks or only yourself, which also will help prevent misuse. I would actually assume this command would be either an alias or an on INPUT anyhow.
Last edited by Riamus2; 04/05/08 01:12 AM.
Invision Support #Invision on irc.irchighway.net
|
Joined: Jan 2003
Posts: 2,523
Hoopy frood
It's been pointed out an awful lot of times, but I'll point it out again: passing unknown content to /timer can be dangerous. In this case $2 is just a single word, which limits serious attacks like $findfile to mere annoyances (counting the number of files in C: can be pretty annoying though!), if you ignore aliases. If the attacker knows that the victim has a potentially dangerous alias, they can use that. In this case somebody could type "!gag $p" and have the bot part the channel or something like that. I think you get the point.

I realise it may not be easy for an inexperienced scripter to properly escape stuff passed to /timer, so here's an alias that should help:

; it's important to keep the spacing exactly as it is
alias safe return $!decode( $encode($1,m) ,m)

Then one can use $safe($2) instead of $2 in /timer, /scon or /scid. The only problem with that is having $encode/$decode disabled for security reasons (a somewhat ironic situation). In such cases, the following (uglier, slower and more prone to hit the maximum-string-length limit) alternative could be used:

alias safe2 bset -tc &a 1 $1 | return $!regsubex(safe, $bvar(&a,1-) ,/(\d+)(?: |$)/g,$chr(\1))

Edit: this recent report implies that even single-word identifiers like $2 can be used to execute arbitrary commands, which makes escaping them even more important.

Edit 2: added -c switch in /bset to avoid problems with multiple calls in the same script (thanks Wims)
Last edited by qwerty; 24/01/10 12:52 PM.
/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
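The escaping described in the post above, applied to the !gag handler from earlier in the thread, as an added example that is not part of the original thread. The `ungag` alias and the channel-operator check are assumptions made for illustration; `$safe` is the alias from the post and needs `$decode` to be enabled.

```mirc
; Added example (not from the thread).
; $safe is the alias posted above; keep its spacing exactly as it is.
alias safe return $!decode( $encode($1,m) ,m)

; Hypothetical helper run by the timer: $1 = channel, $2 = nick.
; By the time it is called, /timer has already evaluated the stored
; $decode() calls, so $1 and $2 are plain text and are evaluated only once here.
alias ungag {
  mode $2 -z
  msg $1 $2 is no longer gagged
}

; "!gag &" matches the command followed by exactly one word.
on *:text:!gag &:#: {
  ; Assumed access check: only channel operators may use the command.
  if ($nick !isop $chan) return
  ; Ignore targets that are not on the channel.
  if ($2 !ison $chan) return

  mode $2 +z
  msg $chan $2 has been gagged for 5 minutes

  ; /timer evaluates its command once now and once more when it fires.
  ; $safe() stores $decode(<base64>,m) instead of the raw word, so the
  ; second evaluation produces the literal text rather than running an
  ; identifier such as the "$p" alias mentioned in the post.
  .timer 1 300 ungag $safe($chan) $safe($2)
}
```

Every value that originates from IRC goes through `$safe` before it reaches /timer; the same applies to /scon and /scid.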
|
Joined: Sep 2005
Posts: 2,881
Hoopy frood
Sorry to bump an old thread, but it's worth noting that /flash also double evaluates content. This is what caused an exploit in PnP a while back.
Think it's worth making a sticky about /timer, /scon, /scid, /flash and any other potentially dangerous situations q?
|
Joined: Jan 2003
Posts: 2,523
Hoopy frood
Good idea, a sticky might help. I'll make one soon.
/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
|
Joined: Jul 2006
Posts: 4,180
Hoopy frood
I have noticed that the $safe2 alias isn't working really well: the binary var is never unset before using /bset, and this results in some old characters in it:

//Echo -a $($safe2(longggggggggggg) $safe2(short),2)

I think it would be good if the code could be edited with the use of /bunset &a before the /bset.
#mircscripting @ irc.swiftirc.net == the best mIRC help channel
|
Joined: Jul 2008
Posts: 236
Fjord artisan
I wonder if you've noticed how there was no response, Wims...
Last edited by s00p; 24/01/10 02:41 AM.
|
Joined: Jul 2006
Posts: 4,180
Hoopy frood
And how the sticky never has been made
#mircscripting @ irc.swiftirc.net == the best mIRC help channel
|
Joined: Jul 2008
Posts: 236
Fjord artisan
Mostly how safe2 was never fixed.
|
Joined: Feb 2009
Posts: 133
Vogon poet
use "$strip($1) == !gag" is better
WorldDMT
|
Joined: Jul 2008
Posts: 236
Fjord artisan
"better" is not well defined, so your statement is void.
|
Joined: Feb 2009
Posts: 133
Vogon poet
WorldDMT
|
Joined: Jul 2007
Posts: 1,129
Hoopy frood
So does using $strip help to prevent code exploits?
|
Joined: Aug 2004
Posts: 7,252
Hoopy frood
No, it doesn't help prevent exploits, but it does allow people with scripts that alter their text (using the ON INPUT event) to still use the !gag command without control characters affecting what the bot sees.
It's a nice thing to include, rather than forcing people to not use their scripts, or make them use /say before each bot command.
|
Joined: Oct 2004
Posts: 8,330
Hoopy frood
That said, I usually don't help others to spam control codes. If people want to use commands in scripts I run, they can type them without control codes. Just how I do things. Everyone has their own preferences. If you like supporting them, then using $strip() on every command is "better" ... otherwise, it's not necessary.
Invision Support #Invision on irc.irchighway.net
|
Joined: Feb 2009
Posts: 133
Vogon poet
There are scripts or addons, including automatic configuration with Scripture colorful, bold, or otherwise. So you can't prevent users from using the control of a bot. So I say: better to use $strip()
WorldDMT
|
Joined: Oct 2004
Posts: 8,330
Hoopy frood
If I make the script I can. Besides, most channels I have been on don't really appreciate people talking in color every single sentence and those are really the only scripts that will affect using bot commands. Anything else shouldn't affect commands.
Invision Support #Invision on irc.irchighway.net
|
Joined: Jul 2007
Posts: 1,129
Hoopy frood
Yeah well, I think chacha comes from a good start with the use of $strip() just in case control codes take place. Besides, using $strip() is just like adding an extra shield to your script commands. There's no winning or losing...
|
Joined: Jul 2008
Posts: 236
Fjord artisan
|
Joined: Jul 2006
Posts: 4,180
Hoopy frood
I think a sticky about this should really be made, I'm still seeing a lot of people not being aware of the problem who make exploitable code. Also, since mIRC 7.0, $!utfdecode($regsubex()) should be used for that second version of the safe alias.
#mircscripting @ irc.swiftirc.net == the best mIRC help channel