Updates for GServer and NPCServer
 

This is not directly script related, but something for developers in general. You eventually need to restart the gserver or npcserver to enable the new stuff.
GServer updates:
- warpto=false and ignorewarpto=true options (are the same, but the second doesn't display an error message)
- warpto is not accepted when the player types illegal coordinates (like warpto blah blah)
- toguild messages are handed " better (displayed correctly in v4, an additional \ in the text will appear in v2)
- on the npcserver levels are not removed from the memory ("swapped out") when a player is still idling there after the normal timeout (5 minutes), so preventing problems of disappearing npcs
- the colors of npcs are sent on first write, so it's easier to do npcs with newbie colors
- some security problems with scripted RC have been fixed (all servers using new scripting engine have already been restarted to make this take effect)
- ghosts can do serverwarp now, so the serverlist is working on all servers

Is this the fix for the setrights bug?

I'm testing that right now Ash. I'll update.

EDIT:
Yup, the bug is fixed. :D

Thanks Stefan.

wooo, good!

What setrights bug are you talking about?

The ability for anyone and everyone who has access to a weapon script to set anyone's rights, regardless if they have that ability or not. I saw it abused once by a staffer who was fired, to get back at the Admins. It was a pretty nasty little bug, and it was basically with a clientrc + sendtext that a person could set someone's rights.

Oh you mean the sendtext() rights worked without having the edit rights right? @_@ wowsers

Yup. Worked like a cham. Would remove every single right you shared with that person, including clearing their IPRange (so they couldn't sign on) and their Folderrights. Was a nasty little bug.

This was said on Exploit RC when I brought this bug to Stefan's attention:

Most people don't know the format / values they can set though, so I have not seen someone giving themself rights. Also setting comments and the local ban was not protected. Those were functions which have been added for giving more power to the scripted RC, but have not been implemented in the RC script and that's why they weren't tested a lot.

Come on Ajira, after all that bragging about being able to take over servers? >_>


But yeah, since this is my post for the day, I have a request:
Could a command that lets us access offline accounts be added

Actually, I was thinking a different way, didn't know it just worked with sendtext.

You know, this bug isn't fixed completely yet, Stefan, about changing rights. I managed to steal someone's Admin User without even trying (I was just testing my thoughts on it). I would tell you exactly how to proceed, but I doubt it's wise to explore this facade over opened threads.

I don't think this can be done by script...? I have no clue how that would be even remotely possible by script, if that is what you were talking about.

There was a bug with GS2 (with 'sendtext') that allowed people to change rights. Velox is just saying that there still is a way.

I was possible before (looks like it still is...)

But how would he steal an account with a script? @_@