Bubka3
commented
6 years ago tl;dr for coder: Disabling voting options with cvar only hides it from UI and can bypassed by using callvote
Closed Holycrapjimhox closed 6 years ago
Bubka3
commented
6 years ago tl;dr for coder: Disabling voting options with cvar only hides it from UI and can bypassed by using callvote
felis-catus
commented
6 years ago Fixed in r4204.
Bubka3
commented
6 years ago Resolved Closure This issue has been closed as it has been resolved in the current dev build. It will be available to the public in the next steam release. Thanks for reporting!
Additional comments: tested dev binaries r8709
So, I've found that players can abuse the callvote system by writing in console "callvote kick player" "callvote restart" "callvote changelevel nmo_genericmap" "callvote nextlevel nmo_genericmap" even though I've set all of those cvars to not work, except for restart.
These are all the native cvars I've found in regards to callvotes:
sv_allow_votes 1/0 sv_vote_allow_dead_call_vote 1/0 sv_vote_allow_spectators 1/0 sv_allow_dead_votekick_alive 0 sv_vote_ui_hide_disabled_issues 1/0 sv_vote_issue_changelevel_allowed 1/0 sv_vote_issue_nextlevel_allowed 1/0 sv_vote_issue_restart_game_allowed 1/0 sv_vote_issue_kick_allowed 1/0 sv_vote_failure_timer X sv_vote_creation_timer X sv_vote_quorum_ratio 0.X0
The ones I'm interested in are: sv_vote_issue_changelevel_allowed sv_vote_issue_nextlevel_allowed sv_vote_issue_restart_game_allowed sv_vote_issue_kick_allowed
These are really important, because they allow you, in theory, to block specific callvotes that you don't want players to use, but also without disabling the entire callvote system, when set to 0. For example, in my server, I want to have ONLY the Restart Game callvote active, while the others remain deactivated. So, in my server.cfg file I would have:
sv_vote_issue_changelevel_allowed 0 sv_vote_issue_nextlevel_allowed 0 sv_vote_issue_restart_game_allowed 1 sv_vote_issue_kick_allowed 0
But, all of these last cvars only remove said callvote option from the callvote menu, according to the default sv_vote_ui_hide_disabled_issues 1. They don't actually disable the callvotes, since a player can type in their console "callvote kick Player" and kick people in the server, even when that option should not be available. The cvars should completely disable them, even when players use the callvote command in their console.
Also, there isn't a direct plugin substitute for the callvote system in NMRiH. For example, if you use the votes included with Sourcemod, you can't restart the round at all, and also, dead players can vote and also initiate a vote, since there is no restriction.
EDIT: also, this one doesn't work either: sv_vote_allow_spectators 1/0 but I have no clue if it's useful or not.