mIRC Homepage
Posted By: Ook Lock options missing - 15/09/20 06:04 PM
On mIRC v6.35 open options->other->lock & you will see a "disabled commands" list, do the same thing on any mIRC since 7.52 (the oldest v7+ mIRC i have) & the list is missing.

This on windows 7 x64 with a clean mIRC install.
Posted By: Khaled Re: Lock options missing - 15/09/20 07:10 PM
This option was removed long ago because it was no longer useful and gave a false sense of security. It originally allowed users to disable a small set of scripting features from being used, however the scripting language had evolved to the point where, realistically, many commands, identifiers, etc. would need to be added to such a list and a user would need to micro-manage a large list of commands and identifiers to allow even simple scripts to work. Instead, from v7.44 onwards, a warning is given to users when they run a script or try to use a command.
Posted By: maroon Re: Lock options missing - 16/09/20 03:40 AM
Have a look at https://en.wikichip.org/wiki/mirc/msl_injection for some examples of things to watch out for in scripts. Some of these issues are caused simply by people writing their own scripts in a careless manner, but these things can be found in publicly available scripts that people innocently don't know have these types of problems. While the scripts work perfectly fine when used as intended, you must be careful about how you use timers, specifically in how you use text not created by you. As you can see from these examples, even $calc could be used against you in a limited context.

You can create aliases to defend against some of the built-in /commands, but not against $identifiers. However, the ! prefix would make even this defense pointless. For example, "run" was one of the commands on the old list being blocked. You could make this alias which would intercept a script trying to use "run something", and would block it unless it did "run password something". However, if they used "!run something" it would execute the built-in identifier without checking for the existence of this alias, in the same way this alias evades another alias created to alter the format of the /echo command.

run {
!if ($1 != password) { !echo -a halt: attempt to use /run command without password! | !halt }
!run $2-
}

Some of the other things on the old "block" list were identifiers, which you can't intercept using an alias. You create an "alias decode" to intercept "/decode parameters", but it can't intercept "$decode(parameters)".
© mIRC Discussion Forums