search

Overwrite987 / UltimateServerProtector

Incredibly lightweight plugin, that add an "admin-password" to your server.
GNU Affero General Public License v3.0
14 stars 7 forks source link

Problem with Citizens npc command . #37

Closed TANJIL87 closed 5 months ago

TANJIL87 commented 5 months ago

So it's been a problem since the beginning but It's probably is a function of this plugin .

So if I set command to run as op in the Citizens NPC and any player uses that NPC, they're flagged as op, and they need to enter the admin password even though they don't have op.

For example , I have a npc and added command "/npc cmd add dmenu open levels -p -o"

So, Is it possible to add compatibility with citizens ? So if anyone runs the command from the npc they won't get flagged.

Overwrite987 commented 5 months ago

So it's been a problem since the beginning but It's probably is a function of this plugin .

So if I set command to run as op in the Citizens NPC and any player uses that NPC, they're flagged as op, and they need to enter the admin password even though they don't have op.

For example , I have a npc and added command "/npc cmd add dmenu open levels -p -o"

So, Is it possible to add compatibility with citizens ? So if anyone runs the command from the npc they won't get flagged.

Can you install latest dev build from actions and show logs if this keeps happening?

TANJIL87 commented 5 months ago

Yeah, I tried again, players getting banned .

image : https://cdn.discordapp.com/attachments/1236227945648095353/1239426933788508160/image.png?ex=6642e1c8&is=66419048&hm=504f2bf50f667bbd4601d0ff576c6dc7a8cf111938232d01c3b09af9445b7b7e&

Overwrite987 commented 5 months ago

Yeah, I tried again, players getting banned .

image : https://cdn.discordapp.com/attachments/1236227945648095353/1239426933788508160/image.png?ex=6642e1c8&is=66419048&hm=504f2bf50f667bbd4601d0ff576c6dc7a8cf111938232d01c3b09af9445b7b7e&

Logs?

TANJIL87 commented 5 months ago

Here https://mclo.gs/93J9gZC

Overwrite987 commented 5 months ago

Here https://mclo.gs/93J9gZC

This is the most dumb stuff I have EVER seen in my life. Explanation: Here you can see: https://github.com/CitizensDev/Citizens2/blob/master/main/src/main/java/net/citizensnpcs/util/Util.java that Citisens ACTUALY GIVES PLAYER OP to force player execute command.

And this is incredibly dumb for one reason - in theory a player can have time to execute ANY command in that time...

And i recommend you to remove this option... This looks lika a HUGE vulnerability...