ValveSoftware / halflife

Half-Life 1 engine based games

Prevent server from sending "bind" command #267

Closed xPaw closed 11 years ago

MPNumB commented 11 years ago

I agree. And a special char check before and after the command would be nice as well, to avoid bypass methods.

P.S. Don't forget "unbind" and "unbindall".

ghost commented 11 years ago

I don't get why people are still changing their config.cfg. Why aren't they creating a new file called myshittyconfig.cfg and executing the cfg once with "exec myshittyconfig.cfg"?

I agree that such servers are shit, but it is also useful if you ask and inform users about your changes. Black sheep are always out there, and if they want to change something they can do that without the bind command. Keep it as it is, and put the server on your blacklist.

ghost commented 11 years ago

Also the bind command is useful, e.g. to bind a mod's special function to a key. Especially for non-geek users who don't have any idea how to do it. Of course, only if they have accepted it or executed it themselves, e.g. through the chat system.

Player A: types "setbind" into the chat
Server: executes the right commands on Player A
Player A: is happy, because he couldn't do that by himself

Instead of blocking bind I would suggest adding a feature/function like reset_settings or load_defaults, so all variables turn back to their original values (e.g. from config_defaults.cfg). Also I hope you guys are using userconfig.cfg to edit your settings. This file is safe even without the "read only" attribute. Or better, you are using a custom-named cfg.

I never had an issue with using userconfig.cfg or [insert name here].cfg. I also never had "read only" on config.cfg.

SparkiTP commented 11 years ago

Completely agree with @leon291.

Please allow players to receive bind commands from the server. At least provide a cvar, so that the client can decide whether to allow those commands or not. Thanks!

Awaiting your reply @alfred-valve

ghost commented 11 years ago

@SparkiTP the cvar is provided - cl_filterstuffcmd

SparkiTP commented 11 years ago

Oh OK, thanks for that information. @MaxKorz Can that command be changed only by the client or also from the server side? Will check that command, meanwhile.

ghost commented 11 years ago

This cvar can be changed only by the client. Even client_cmd( player, "cl_filterstuffcmd 1"); won't work:

] cl_filterstuffcmd 
"cl_filterstuffcmd" is "0"
] amx_slowhack Neo
Server tried to send invalid command:"cl_filterstuffcmd 0
"Server tried to send invalid command:"cl_filterstuffcmd 1
Server tried to send invalid command:"cl_filterstuffcmd 0

SparkiTP commented 11 years ago

Can someone explain what commands will be blocked with setting cl_filterstuffcmd to 0/1?

https://gist.github.com/SparkiTP/5108100

ghost commented 11 years ago

Sure.

_restart
_set_vid_level
_setaddons_folder
_setgamedir
_sethdmodels
_setrenderer
_setvideomode
gl_*
r_*
hud_*
cl_*
m_*
rate
connect
retry
timerefresh
alias
bind
unbind
unbindall
cd
exec
exit
kill
quit
say
setinfo
sensitivity
sys_ticrate
writecfg
removedemo
ex_interp
developer
fps_max
speak_enabled
voice_enable
volume
mp3volume
motd_write

If cl_filterstuffcmd is set to 0:

motd_write
cl_filterstuffcmd

I could be missing something.
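
Added example (not part of the thread and not Valve's engine code): a sketch of a client-side filter over the command names listed in the comment above, checking every command in a server-sent string rather than only its start, which is the kind of check asked for earlier in the thread. The function name `stuffcmd_allowed`, the `;`/newline separator handling and the case-insensitive comparison are assumptions.

```c
#include <ctype.h>
#include <string.h>

/* Command names copied from the list in the comment above. */
static const char *ALWAYS[] = { "motd_write", "cl_filterstuffcmd", NULL };
static const char *PREFIX[] = { "gl_", "r_", "hud_", "cl_", "m_", NULL };
static const char *EXACT[] = {
    "_restart", "_set_vid_level", "_setaddons_folder", "_setgamedir",
    "_sethdmodels", "_setrenderer", "_setvideomode", "rate", "connect",
    "retry", "timerefresh", "alias", "bind", "unbind", "unbindall", "cd",
    "exec", "exit", "kill", "quit", "say", "setinfo", "sensitivity",
    "sys_ticrate", "writecfg", "removedemo", "ex_interp", "developer",
    "fps_max", "speak_enabled", "voice_enable", "volume", "mp3volume", NULL };

static int in_list(const char *name, const char **list, int prefix) {
    for (; *list; list++)
        if (prefix ? !strncmp(name, *list, strlen(*list)) : !strcmp(name, *list))
            return 1;
    return 0;
}

/* Returns 1 if every command in `text` may run, 0 if any one is filtered.
 * Assumptions (not from the thread): commands are separated by ';' or a
 * newline outside double quotes, and names compare case-insensitively. */
int stuffcmd_allowed(const char *text, int filter) {
    const char *p = text;
    while (*p) {
        char name[64];
        size_t n = 0;
        int quoted = 0;
        /* Skip blanks, control characters and empty commands before the name. */
        while (*p && ((unsigned char)*p <= ' ' || *p == ';')) p++;
        if (*p == '"') { quoted = 1; p++; }   /* the name itself may be quoted */
        while ((unsigned char)*p > ' ' && *p != ';' && *p != '"' && n < sizeof name - 1)
            name[n++] = (char)tolower((unsigned char)*p++);
        name[n] = '\0';
        if (in_list(name, ALWAYS, 0)) return 0;          /* blocked at 0 and 1 */
        if (filter && (in_list(name, EXACT, 0) || in_list(name, PREFIX, 1))) return 0;
        /* Move past the next separator that is not inside a quoted argument. */
        for (; *p; p++) {
            if (*p == '"') quoted = !quoted;
            else if (!quoted && (*p == ';' || *p == '\n')) { p++; break; }
        }
    }
    return 1;
}
```
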

SparkiTP commented 11 years ago

But in my case, setting cl_filterstuffcmd to 0 / 1 does not allow the CS client to receive bind commands :( Please refer to the gist link I gave in my last post.

ghost commented 11 years ago

Then create a new issue and wait for @alfred-valve to reply. I don't think it should be blocked when cl_filterstuffcmd 0. At least it wasn't.

SparkiTP commented 11 years ago

Thanks for your suggestion. OK, does the same bug appear for you? Can you check?

New issue created: https://github.com/ValveSoftware/halflife/issues/733

ghost commented 11 years ago

Of course I checked it before suggesting that you create a new issue, so yes, I confirm it :)