* [s] Fixed admins being able to bypass proccall protections via remote sdql and circuits. (#61482)
About The Pull Request
Admins can bypass IsAdminAdvancedProcCall checks by using these methods of proccall because proccall protection is kinda dumb. This has been tweaked so that there is proper proccall protection for these methods of proccall.
Code is hacky, but there's not much of a choice if we want procs to be properly protected from admin proccalls from any sort of remote source. If anyone has a better idea on how to implement this, feel free to hit me up.
We need a special global mob that handles proccalls from sources that may not have a usr/client to refer back to. IsAdminAdvancedProcCall() relies usr being defined, so if no usr is defined, then this will always return false. This has been adjusted so that proccalls without a usr/client to refer back to will instead set usr to this special mob, which will then let the IsAdminAdvancedProcCall() return true by comparing whether usr == this special global mob.
Why It's Good For The Game
Admins can no longer bypass IsAdminAdvancedProcCall checks.
Changelog
cl
admin: Admins are no longer able to bypass proccall protections using remote methods of proccalling.
/cl
* [s] Fixed admins being able to bypass proccall protections via remote sdql and circuits.
Co-authored-by: Watermelon914 <37270891+Watermelon914@users.noreply.github.com>
* JATUM (#53831)
Adds the JATUM serialization system. Inspired by @ RemieRichards. Allows for easy serialization and deserialization of trivial datums.
Also adds a missing html_encode.
* JATUM
Co-authored-by: Jordan Brown <Cyberboss@users.noreply.github.com>
Replaces like 70-80% of 0 and such, as a side effect cleaned up a bunch of returns
Edit: Most left out ones are in mecha which should be done in mecha refactor already
Oh my look how clean it is
Co-authored-by: TiviPlus <TiviPlus>
Co-authored-by: Couls <coul422@gmail.com>
Co-authored-by: TiviPlus <57223640+TiviPlus@users.noreply.github.com>
Co-authored-by: Couls <coul422@gmail.com>
* Adds SIGNAL_HANDLER and SIGNAL_HANDLER_DOES_SLEEP to prevent signal callbacks from blocking (#52761)
Adds SIGNAL_HANDLER, a macro that sets SHOULD_NOT_SLEEP(TRUE). This should ideally be required on all new signal callbacks.
Adds BLOCKING_SIGNAL_HANDLER, a macro that does nothing except symbolize "this is an older signal that didn't necessitate a code rewrite". It should not be allowed for new work.
This comes from discussion around #52735, which yields by calling input, and (though it sets the return type beforehand) will not properly return the flag to prevent attack from slapping.
To fix 60% of the yielding cases, WrapAdminProcCall no longer waits for another admin's proc call to finish. I'm not an admin, so I don't know how many behinds this has saved, but if this is problematic for admins I can just make it so that it lets you do it anyway. I'm not sure what the point of this babysitting was anyway.
Requested by @optimumtact.
Changelog
cl
admin: Calling a proc while another admin is calling one will no longer wait for the first to finish. You will simply just have to call it again.
/cl
* Adds SIGNAL_HANDLER and SIGNAL_HANDLER_DOES_SLEEP to prevent signal callbacks from blocking
Co-authored-by: Jared-Fogle <35135081+Jared-Fogle@users.noreply.github.com>
* demos (ported from yogstation)
rustg update + write with no format
use external hook for logging
use proper log vars
fix + clarifying comment
don't start the log
release build of rust-g
fix something caught by the lint
Update code/__DEFINES/subsystems.dm
Co-Authored-By: Jordan Brown <Cyberboss@users.noreply.github.com>
Update code/controllers/subsystem/demo.dm
Co-Authored-By: JJRcop <jrubcop@gmail.com>
Update code/controllers/subsystem/demo.dm
Co-Authored-By: JJRcop <jrubcop@gmail.com>
moves hooks out of a dedicated file
len = 0 to Cut(), remove semicolons
untyped loop
* updated rust_g
* 513 updates
About The Pull Request
The thing other than ruining maps that I was working on
Refactors VV to use a more standard way of doing topic dropdown options rather than a huge if/else chain
Marking datums is now a right click option
Moves a few files around too/few procs
Why It's Good For The Game
Makes it easier to add more VV dropdown options in the future, and moving href list keys to defines make misspelling them harder.
Changelog
cl
add: Oh yeah also added a "return value of proccall" option for VV var editing.
refactor: View Variables has been refactored. It should now be easier to make VV dropdown options.
/cl
