Closed tens0rfl0w closed 1 month ago
Under no circumstances should we be blocking events outright when there is the potential for legitimate use cases. That would also be a compatbility break.
Right, I didn't think about potential valid use cases or breaking backwards compatibility.
I am aware that providing an event handler for the parsed event data is no longer really appreciated, but I didn't feel confident providing a single ConVar for blocking this event, as this is used on a lot of network stuff and several state types are abusable (but not all).
In case anyone wants to review this, I created a resource to trigger every state change type: test.zip
Command is state [0-9]
.
(This ofc needs two online players to work + script assumes population is deactivated.)
@gottfriedleibniz Hello, is there a date for this fix to go into production, a lot of hacks are using this flaw?
As discussed, this now allows to block routing of the game event with a ConVar.
Tested with the script resource provided above.
Goal of this PR
How is this PR achieving the goal
Introducing a new ConVar called 'sv_enableNetworkedScriptEntityStates' that allows blocking of the 'SCRIPT_ENTITY_STATE_CHANGE_EVENT' game event (routing is enabled by default).
This PR applies to the following area(s)
FiveM, RedM, Server
Successfully tested on
Game builds: 2699
Platforms: Windows
Checklist
Fixes issues
fixes #2553