Block another A2OA script execution exploit

Thanks to Dihan for reporting on Discord. This exploit may work with other event handlers, displays and controls. Please leave a comment if you find any others that work. I tested GPS, abort, MP setup and group menu displays, as well as the map diary list box controls, but none of those had this problem. This should be fixed with an A2OA patch, please report to Bohemia.
2025-12-23 04:22:13 +03:00 · 2017-08-13 16:07:03 -04:00
parent 368aa1217b
commit 026788e714
2 changed files with 19 additions and 5 deletions
--- a/SQF/dayz_code/system/antihack.sqf
+++ b/SQF/dayz_code/system/antihack.sqf
@@ -1,7 +1,23 @@
-/* Block local script execution bug. Still not fixed in A20A as of 1.63.131129 */
+/*
+	These event handlers are not cleared after exiting the editor, allowing script execution in MP servers
+	Still not fixed in A2OA as of 1.63.131129
+*/
 inGameUISetEventHandler ["PrevAction","false"];
 inGameUISetEventHandler ["NextAction","false"];
 inGameUISetEventHandler ["Action","false"];
+{
+	(findDisplay 12) displayCtrl 51 ctrlRemoveAllEventHandlers _x;
+	(findDisplay 12) displayRemoveAllEventHandlers _x;
+} count [
+	"Load","Unload","ChildDestroyed","MouseEnter","MouseExit","SetFocus",
+	"KillFocus","Timer","KeyDown","KeyUp","Char","IMEChar","IMEComposition","JoystickButton","MouseButtonDown",
+	"MouseButtonUp","MouseButtonClick","MouseButtonDblClick","MouseMoving","MouseHolding","MouseZChanged",
+	"CanDestroy","Destroy","ButtonClick","ButtonDblClick","ButtonDown","ButtonUp","LBSelChanged",
+	"LBListSelChanged","LBDblClick","LBDrag","LBDragging","LBDrop","TreeSelChanged","TreeLButtonDown",
+	"TreeDblClick","TreeExpanded","TreeCollapsed","TreeMouseMove","TreeMouseHold","TreeMouseExit",
+	"ToolBoxSelChanged","Checked","CheckedChanged","CheckBoxesSelChanged","HTMLLink","SliderPosChanged",
+	"ObjectMoved","MenuSelected","Draw","VideoStopped"
+];

 // (c) facoptere@gmail.com, licensed to DayZMod for the community
 //