mIRC Homepage

Script to gag users for 5 minutes

Posted By: CSC2YA

Script to gag users for 5 minutes - 03/05/08 09:49 PM

I'm trying to get a script working that will gag users for 5 minutes, then automatically ungag them, but can't get it working how I want it to. The following is what i've got so far:

Quote:
if (!gag isin $1) { /mode $2 +z | /msg # $2 has been gagged for 5 minutes | /setvar %gag $nick | timer1 300 /mode %gag -z }


I'm getting the following errors:
Quote:
* /timer1: invalid parameters (line 39, opercommands.mrc)
-
SETVAR Unknown command

I also want to edit that so that it will message the channel to say that the user is no longer gagged once the 5 minutes are up, but can't work out how to code it so that it all works.
Posted By: Riamus2

Re: Script to gag users for 5 minutes - 03/05/08 10:08 PM

Code:
on *:text:*:#: {
  if ($1 == !gag && $2 ison $chan) {
    mode $2 +z
    msg $chan $2 has been gagged for 5 minutes
    .timer 1 300 mode $2 -z
  }
}


The main problems being that /setvar is not a valid command. You can use /set or you can use /var depending on what you're doing. Also, you missed a space after timer for your other error. One other issue you had is that you can only every have 1 nick automatically ungagged the way you are setting a variable like that. Also, you were ungagging the person doing the command rather than $2. The changes made fix all 3 issues and make it a little more efficient.

Note that I stuck it into an on TEXT event just to show how it fits into a script. If you have it in some other event, you can just insert the part that is inside this on TEXT into whatever event you already have set up.

EDIT: Edited to make the timer safe. Keep in mind that you should, of course, limit the ability to use this command to approved nicks or only yourself, which also will help prevent misuse. I would actually assume this command would be either an alias or an on INPUT anyhow.
Posted By: qwerty

Re: Script to gag users for 5 minutes - 03/05/08 11:03 PM

It's been pointed out an awful lot of times, but I'll point it out again: passing unknown content to /timer can be dangerous. In this case $2 is just a single word, which limits serious attacks like $findfile to mere annoyances (counting the number of files in C: can be pretty annoying though!), if you ignore aliases. If the attacker knows that the victim has a potentially dangerous alias, they can use that. In this case somebody could type "!gag $p" and have the bot part the channel or something like that. I think you get the point.

I realise it may not be easy for an inexperienced scripter to properly escape stuff passed to /timer, so here's an alias that should help:
Code:
; it's important to keep the spacing exactly as it is
alias safe return $!decode( $encode($1,m) ,m)

Then one can use $safe($2) instead of $2 in /timer, /scon or /scid.

The only problem with that is having $encode/$decode disabled for security reasons (a somewhat ironic situation). In such cases, the following (uglier, slower and more prone to hit the maximum-string-length limit) alternative could be used:
Code:
alias safe2 bset -tc &a 1 $1 | return $!regsubex(safe, $bvar(&a,1-) ,/(\d+)(?: |$)/g,$chr(\1))


Edit: this recent report implies that even single-word identifiers like $2 can be used to execute arbitrary commands, which makes escaping them even more important.

Edit 2: added -c switch in /bset to avoid problems with multiple calls in the same script (thanks Wims)
Posted By: hixxy

Re: Script to gag users for 5 minutes - 24/07/08 12:24 PM

Sorry to bump an old thread, but it's worth noting that /flash also double evaluates content. This is what caused an exploit in PnP a while back.

Think it's worth making a sticky about /timer, /scon, /scid, /flash and any other potentially dangerous situations q?
Posted By: qwerty

Re: Script to gag users for 5 minutes - 24/07/08 12:52 PM

Good idea, a sticky might help. I'll make one soon.
Posted By: Wims

Re: Script to gag users for 5 minutes - 29/05/09 11:07 PM

I have noticed that the $safe2 alias isn't working really well, the binary var is never unset before using /bset, this result with some old characters in it :
Code:
//Echo -a $($safe2(longggggggggggg) $safe2(short),2)
I think it would be good if the code could be edited with the use of /bunset &a before the /bset.
Posted By: s00p

Re: Script to gag users for 5 minutes - 24/01/10 02:27 AM

I wonder if you've noticed how there was no response, Wims...
Posted By: Wims

Re: Script to gag users for 5 minutes - 24/01/10 03:16 AM

And how the sticky never has been made wink
Posted By: s00p

Re: Script to gag users for 5 minutes - 24/01/10 04:16 AM

Mostly how safe2 was never fixed.
Posted By: chacha

Re: Script to gag users for 5 minutes - 24/01/10 10:29 AM

use "$strip($1) == !gag" is better
Posted By: s00p

Re: Script to gag users for 5 minutes - 24/01/10 01:12 PM

"better" is not well defined, so your statement is void.
Posted By: chacha

Re: Script to gag users for 5 minutes - 24/01/10 09:38 PM

/help $strip()
Posted By: Tomao

Re: Script to gag users for 5 minutes - 24/01/10 10:06 PM

So does using $strip help to prevent code exploits?
Posted By: RusselB

Re: Script to gag users for 5 minutes - 24/01/10 10:32 PM

No, it doesn't help prevent exploits, but it does allow people with scripts that alter their text (using the ON INPUT event) to still use the !gag command without control characters affecting what the bot sees.

It's a nice thing to include, rather than forcing people to not use their scripts, or make them use /say before each bot command.
Posted By: Riamus2

Re: Script to gag users for 5 minutes - 25/01/10 04:08 PM

That said, I usually don't help others to spam control codes. If people want to use commands in scripts I run, they can type them without control codes. Just how I do things. Everyone has their own preferences. If you like supporting them, then using $strip() on every command is "better" ... otherwise, it's not necessary. smile
Posted By: chacha

Re: Script to gag users for 5 minutes - 25/01/10 09:12 PM

there are scripts or addons, including automatic configuration with Scripture colorful, bold, or otherwise. So you cant prevent users from using the control of a bot. so I say: better to use $strip()
Posted By: Riamus2

Re: Script to gag users for 5 minutes - 25/01/10 10:58 PM

If I make the script I can. laugh

Besides, most channels I have been on don't really appreciate people talking in color every single sentence and those are really the only scripts that will affect using bot command. Anything else shouldn't affect commands.
Posted By: Tomao

Re: Script to gag users for 5 minutes - 26/01/10 07:47 PM

Yeah well, I think chacha comes from a good start with the use of $strip() just in case control codes take place. Besides, using $strip() is just like adding an extra shield to your script commands. There's no winning or losing...
Posted By: s00p

Re: Script to gag users for 5 minutes - 30/01/10 01:27 PM

"An extra shield"?
Posted By: Wims

Re: Script to gag users for 5 minutes - 12/01/12 03:53 PM

I think a sticky about this should really be made, I'm still seeing a lot of people not being aware of the problem who makes exploitable code.
Also, since mIRC 7.0, $!utfdecode($regsubex()) should be used for that second version of the safe alias
Posted By: D4ni

Re: Script to gag users for 5 minutes - 12/01/12 08:33 PM

Originally Posted By: Wims
Also, since mIRC 7.0, $!utfdecode($regsubex()) should be used for that second version of the safe alias


...which also doesn't work when people have $decode disabled.
Posted By: hixxy

Re: Script to gag users for 5 minutes - 12/01/12 09:59 PM

*deleted*

Awful solution offered blush
© 2022 mIRC Discussion Forums