Can someone explain $unsafe? #257261 25/03/16 07:37 PM
Bleepy (OP)
Joined: May 2003
Posts: 31
Hello,

I've been using mIRC and writing scripts for over a decade now, however the new $unsafe identifier has baffled me.

It may just be me not understanding the help file description, so does anyone happen to have a working example of its use?

Thanks


@#HelpDesk - DALnet
Re: Can someone explain $unsafe? [Re: Bleepy] #257262 25/03/16 08:00 PM
westor
Joined: Dec 2008
Posts: 1,511
It has the same usage as the $safe custom identifier in this topic: http://en.wikichip.org/wiki/mirc/msl_injection

Re: Can someone explain $unsafe? [Re: Bleepy] #257263 25/03/16 08:18 PM
Wims
Joined: Jul 2006
Posts: 3,729
In addition, the name '$safe' itself was not kept because it could have misled new users into thinking what they were doing was safe.


Looking for a good help channel about mIRC? Check #mircscripting @ irc.swiftirc.net
Re: Can someone explain $unsafe? [Re: Bleepy] #257276 26/03/16 01:25 AM
Bleepy (OP)
Ok, the example on that website cleared things up.

Essentially, it prevents execution, evaluation and injection of code.

So just in case any others come here for an answer, I've included a simple demo below:

Example WITHOUT $unsafe

Remote:
Code:
on *:TEXT:.test *:#test:{ .timer 1 1 msg #test $nick said: $2- }

Command:
Code:
<bleepy> .test banana | msg #test evaluated $me | part #test

Output / Result:
Code:
<bot> bleepy said: banana
<bot> evaluated bot
* bot (user@host) has left #test


Example WITH $unsafe

Code:
on *:TEXT:.test2 *:#test:{ .timer 1 1 msg #test $nick said: $unsafe($2-) }

Command:
Code:
<bleepy> .test2 banana | msg #test not evaluated $me | part #test

Output / Result:
Code:
<bot> bleepy said: banana | msg #test not evaluated $me | part #test


@#HelpDesk - DALnet
Re: Can someone explain $unsafe? [Re: Bleepy] #257725 12/05/16 06:02 AM
MeStinkBAD
Joined: Apr 2003
Posts: 342
The help text needs clarification.

Quote:
$unsafe(text)
This identifier is designed to be used with, for example, external user input in commands that may evaluate text later on, such as /timer commands. It delays evaluation of text for one level of evaluation.


This explanation leads one to believe it's used for delayed evaluation, not preventing a remote mSL injection.

BTW... on my system, using /timer 1 1 echo -a $unsafe(1 $chr(124) /echo 2) from the input line results in the following...

Code:
* Timer 1 activated
$unsafe(MSB8IC9lY2hvIDI=).undo
* Timer 1 halted


I'll look into it; it's probably something local... but certainly odd.

Last edited by MeStinkBAD; 12/05/16 06:10 AM.

Beware of MeStinkBAD! He knows more than he actually does!
Re: Can someone explain $unsafe? [Re: MeStinkBAD] #257726 12/05/16 07:01 AM
Khaled
Joined: Dec 2002
Posts: 4,841
Quote:
This explanation leads one to believe it's used for delayed evaluation, not preventing a remote mSL injection.

This description is intentional as it can be used in both contexts.

Quote:
I'll look into it; it's probably something local... but certainly odd.

That looks fine. This identifier was designed and implemented with the input of scripters who regularly used $safe() but wanted a core internal identifier that behaved in exactly the same way.

Re: Can someone explain $unsafe? [Re: MeStinkBAD] #257727 12/05/16 10:38 AM
Wims
What the identifier really does is delay one level of evaluation, and that's the only way to prevent injection.
For static/known text, we can delay one level of evaluation using things like $+ and $!ident, but for unknown text abstracted by a local identifier/%variable such as $1-, we can't because we need to get its content during the evaluation of the timer command:
//timer 3 1 echo -a $time - $!time - $ $+ time
Vs
//tokenize 32 dangerous $!me | timer 1 1 echo -a $1- - $ $+ 1- - $unsafe($1-)


Looking for a good help channel about mIRC? Check #mircscripting @ irc.swiftirc.net
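
Added example (not from the thread, and not mIRC's implementation): a simplified Python model of the two evaluation passes discussed above, showing why user text stored in a timer is re-parsed as commands unless it is wrapped. The split-on-" | " evaluator, the `IDENTS` table and all function names are assumptions for illustration; the stored `$unsafe(<base64>).undo` form follows the timer output MeStinkBAD posted.

```python
import base64
import re

# Simplified model (an assumption, not mIRC's parser): a command line is
# split on " | " and $identifiers are expanded once per evaluation pass.
IDENTS = {"$me": "bot"}  # constructed sample state
WRAPPED = re.compile(r"\$unsafe\(([A-Za-z0-9+/=]*)\)\.undo")

def unsafe(text):
    """Model of $unsafe(text): hide text from the next evaluation pass."""
    return "$unsafe(%s).undo" % base64.b64encode(text.encode()).decode()

def evaluate(line):
    """One evaluation pass: split commands, expand identifiers, undo wraps."""
    out = []
    for cmd in line.split(" | "):
        words = []
        for w in cmd.split(" "):
            m = WRAPPED.fullmatch(w)
            if m:
                # Decoded text is treated as data: it is not split on "|"
                # and its $identifiers are not expanded.
                words.append(base64.b64decode(m.group(1)).decode())
            else:
                words.append(IDENTS.get(w, w))
        out.append(" ".join(words))
    return out

def on_text(nick, rest, protect):
    """First pass (event fires): $nick and $2- are filled in, and the
    resulting string is stored as the timer's command."""
    payload = unsafe(rest) if protect else rest
    return "msg #test %s said: %s" % (nick, payload)

def timer_fires(stored):
    """Second pass (timer fires): the stored string is evaluated again."""
    return evaluate(stored)

# Constructed input, same shape as the demo in the thread.
LINE = "banana | msg #test evaluated $me | part #test"

if __name__ == "__main__":
    for protect in (False, True):
        stored = on_text("bleepy", LINE, protect)
        print("stored:", stored)
        for cmd in timer_fires(stored):
            print("  runs:", cmd)
```

Without the wrapper the timer runs three commands; with it, the timer runs one `msg` whose argument is the user's text verbatim.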