* [s] Fixed admins being able to bypass proccall protections via remote sdql and circuits. (#61482)
About The Pull Request
Admins can bypass IsAdminAdvancedProcCall checks by using these methods of proccall because proccall protection is kinda dumb. This has been tweaked so that there is proper proccall protection for these methods of proccall.
Code is hacky, but there's not much of a choice if we want procs to be properly protected from admin proccalls from any sort of remote source. If anyone has a better idea on how to implement this, feel free to hit me up.
We need a special global mob that handles proccalls from sources that may not have a usr/client to refer back to. IsAdminAdvancedProcCall() relies usr being defined, so if no usr is defined, then this will always return false. This has been adjusted so that proccalls without a usr/client to refer back to will instead set usr to this special mob, which will then let the IsAdminAdvancedProcCall() return true by comparing whether usr == this special global mob.
Why It's Good For The Game
Admins can no longer bypass IsAdminAdvancedProcCall checks.
Changelog
cl
admin: Admins are no longer able to bypass proccall protections using remote methods of proccalling.
/cl
* [s] Fixed admins being able to bypass proccall protections via remote sdql and circuits.
Co-authored-by: Watermelon914 <37270891+Watermelon914@users.noreply.github.com>
* Notify System
* V2
* Adds a hint
* Stoned fixes round 1
* Use grammar wells I can
* This didnt work
* I wish you could test on TGS without committing
* Jordie fixes round 1
* oops
* This took way longer than it should have taken
* Adds in endnotify for serverops
* Spacing
* Qdels all queries, adds sleep handling
* DB Core messages admins about undeleted queries
* Compile fixes. Adds missing set waitfor
* Remove world/New shennanigans. Add DBQuery/BlockingExecute()
* Less spammy notifications to admins about undeleted queries
* Increase dbcore fire time to 1 minute
* Upgrade undeleted query warning
* Better place of death
* Fix build
* Remove BlockingExecute, see BSQL PR for why
* Yep, missed that one.
* Psyche, that's the WRONG QUERY!!
This is primarily a compatibility layer that enables both forward and backward compatibility for all past and future APIs based on the detected running TGS version. It also bundles all it's includes to make future upgrades not have to modify the dme, heck, could even use a submodule if it wanted (not happening). No other changes necessary.
There's an upcoming event system and new chat management functions. Check them out here: 303448457e/DMAPI/tgs.dm
Also added /datum/proc/CanProcCall()
* New API for service communication
* Safer this way
* Gives the game the ability to kill itself
* tick_lag
* Sanity check
* Updates comment
* Formalization of the server tools API
* Fixes, finishes, and cleanup
* Remove unecessary scoping
* Compile fixes
* Didn't Ctrl+S
* Reimplement chat commands
* Fixup
* Required parameters
* Fax
* Testing
* Fix ON_TOPIC
* The more defines the more better
* That's bass ackwards
* Fix tgs2
* Fuck it, call him pichael
* Do this
* No, we only use the modern methods now
* Remove tgs2 relay support
* Remove kebab
* Kill kill kill
* This is back baby
* Missed a GLOB
* Remove DownloadPRDetails()
* Cache custom commands by name
* Adds "notify" chat command
* Use the official API
* Fix API misuse
* Readme licensing memes
* Fix API
* Moves chat new game announcement to when the API is confirmed compatible
* Add TGS3.json
* Fix the input options
* Removes notify command
