Conversation
57331af to
1312148
Compare
|
This pr is a security concern, as it allows according to the author themself to execute arbirtray js code and according to my own findings also the execution of arbitraty lua code. Merging this is just asking for trouble. If combined with other security holes this code would be able to become part of a potent RCE. I like the idea behind this pr alot, but as it stands its to much for a concern for me. im adding the locked label and am force drafting it. |
|
@OfficialLambdax can you propose some changes to address the security concerns on this? I love the idea of this PR minus the already discussed ideas about a merged packed but that is one for the Protocol work. |
53ef03e to
04bb777
Compare
…interface, add format documentation and example, remove unncessary checks, add optional reportToServer and reportToExtensions conditions
|
My commit also adds a change in behaviour, where now at default neither the server or the local extensions are informed about the reponse unless either |
|
Fixed the issue with |
OfficialLambdax
left a comment
There was a problem hiding this comment.
Ready to merge with BeamMP/BeamMP-Server#427
This PR implements a new lua function and packet used for sends dialogs to the client. ## Example: https://github.com/user-attachments/assets/97bb5813-ea12-4b1d-a049-2f7ebf6b6da3 Example serverside code: ```lua --MP.ConfirmationDialog(player_id: number, title: string, body: string, buttons: object, interaction_id: string, warning: boolean = false, reportToServer: boolean = true, reportToExtensions: boolean = true) function onChatMessage(player_id, player_name, message) MP.ConfirmationDialog(player_id, "Warning", "Watch your tone buddy!!", { { label = "OK", key = "dialogOK", isCancel = true } }, "interactionID", true) end MP.RegisterEvent("onChatMessage", "onChatMessage") function dialogOK(player_id, interaction_id) MP.SendChatMessage(-1, MP.GetPlayerName(player_id) .. " clicked OK") end MP.RegisterEvent("dialogOK", "dialogOK") ``` ### Details: Each dialog can have multiple buttons, each button having it's own callback event (`key`). Each dialog can also have one button with `isCancel` being true, settings this property to true causes the button's event to be called when the users pressed `esc` to exit out of the dialog. If a dialog is created without any button being the cancel button then the user will only be able to exit the dialog by restarting the session or pressing one of the buttons. `interaction_id` will be sent as the event data with a button press event, to track from which dialog the button press came. As when multiple dialogs are opened they will stack and it will become difficult to track what button on which dialog was pressed without having multiple event handlers. Waiting on BeamMP/BeamMP#715 to be merged. --- By creating this pull request, I understand that code that is AI generated or otherwise automatically generated may be rejected without further discussion. I declare that I fully understand all code I pushed into this PR, and wrote all this code myself and own the rights to this code.
Dialog packet
This PR adds a new
Dialog packet which takes json information to open BeamNG's confirmation dialog.HTML can be used to format the body and there are 2 styles available,
experimental(warning)and(none/default).Server side PR BeamMP/BeamMP-Server#427