View Issue Details

IDProjectCategoryView StatusLast Update
0007528Multi Theft Auto : San AndreasServerpublic2013-03-01 16:07
ReporterStifflersMom Assigned Toccw  
Status resolvedResolutionfixed 
Target Version1.3.2Fixed in Version1.3.2 
Summary0007528: outputChatBox to a invalid player goes to ALL players

On a heavy loaded server we had strange outputs to the main chat during a mass timeout. While discovering this issue, we have found out, that the origin of this output was a ChatBox msg, wich was adressed to a player, which has timed out just at this moment. This could be a security problem.

Steps To Reproduce

srun demo=getPlayerFromName("DemoPlayer") setTimer(outputChatBox,10000,1,"test",demo,255,255,255,true)

If "DemoPlayer" leaves the server after the timer starts, "test" goes to all other players after 10 seconds.

TagsNo tags attached.



2013-02-27 12:52

manager   ~~0018190

This has always been the case even before that outputChatBox improvement Kenix made recently. If it's anything but a valid player element it uses root.

If you made sure that the player element was valid at the time of it being sent this would never happen though I imagine if a check in the MTA code was made to make sure it would only sent to root if root was specified that it's a quick fix.


2013-02-27 17:11

updater   ~~0018191


2013-02-27 18:47

viewer   ~~0018192

Last edited: 2013-02-27 18:47

I had that problem on my server (devgaming) after update. Sometimes some messages were global instead of being send to specific player. It was weird because it happened on loop being done on players within colSphere, even isElement (which was pointless for using it on players within some area for me) didn't help. I had to install old MTA.


2013-02-27 19:30

updater   ~~0018195

I have tested it with server version v1.3.1-release-4952 with the same command:
srun demo=getPlayerFromName("DemoPlayer") setTimer(outputChatBox,10000,1,"test",demo,255,255,255,true)
The output is going exactly to no one, if DemoPlayer leaves within the timer period. I also think, if the visibleTo element is a player element, and the player element becomes invalid, the visibleTo must not become root.


2013-02-28 09:17

updater   ~~0018196

Issue History

Date Modified Username Field Change