Commit graph

9 commits

Author SHA1 Message Date
Thilo Schulz
d2612c8a36 Fix levelshot so that it cannot be executed by remote clients (#4339) 2011-02-08 17:58:31 +00:00
Ryan C. Gordon
af303a4813 SetTeam fix from Martin Doucha.
"Actually, client->ps.clientNum is unsafe. We had a little hunt for this some
time ago in Tremulous last year (it caused kick failures, annoying popup
windows and other nasty bugs). The problem is that a following spectator gets
full copy of client->ps of the followed player including clientNum. If you then
try to use this "shared" clientNum, you might affect someone else than you
wanted.

r1019 changes are safe as long as bots don't spectate players. However, a brief
grep on current code has revealed unsafe client->ps.clientNum usage in
SetTeam(). If a following spectator uses team command when forced balance is
on, it'll count teams incorrectly and send the error message to the followed
player instead. Here's the fix."

  Fixes Bugzilla #2986.
2009-09-14 15:45:52 +00:00
Ludwig Nussel
40e4a2e5c4 fix name compare in 'follow' command (#4013) 2009-05-08 09:31:26 +00:00
Ludwig Nussel
f5aae78481 security fix: prevent command injection via callvote 2009-01-17 23:09:58 +00:00
Tim Angus
05e8ab9538 * Added STATUS
* Updated TODO
* Moved ChangeLog to root
* Updated ChangeLog
* s/Foobar/Quake III Arena Source Code/
* Biggest patch EVAR. I wonder how many mail boxes this will fill...
2005-10-29 01:53:09 +00:00
Ludwig Nussel
5ae70d54b0 remove svn:executable property 2005-08-28 17:54:51 +00:00
Zachary Slater
59cce31e75 newlines fixed 2005-08-26 17:39:27 +00:00
Zachary Slater
5b755058f5 Itsa me, quake3io! 2005-08-26 04:48:05 +00:00
Travis Bradshaw
dbe4ddb103 The Quake III Arena sources as originally released under the GPL license on August 20, 2005. 2012-01-31 13:41:34 -06:00