TalkAction [TFS 1.3 / Lua 5.2] Debug LUA scripts with talkaction!

Gesior.pl

Mega Noob&LOL 2012
Joined
Sep 18, 2007
Messages
2,027
Best answers
19
Reaction score
1,071
Location
PLand
Credits to @Cykotitan, based on TFS 0.x version TalkAction - Debug LUA scripts with talkaction!

It's updated version for LUA 5.2+ (in which they replaced 'loadstring' with 'load')!
For LuaJIT and LUA 5.1 versions use:

TalkAction - [TFS 1.x / LuaJIT] Debug LUA scripts with talkaction! (https://otland.net/threads/tfs-1-x-luajit-debug-lua-scripts-with-talkaction.260910/)

Talkaction that let you find problems with LUA scripts on GOD character.
You can also use it to do some admin actions in game. Fix small map bugs, make new spawns - without server restart.

XML data/talkactions/talkactions.xml:
PHP:
<talkaction words="/lua" separator=" " script="lua_debug.lua" />
<talkaction words="!lua" separator=" " script="lua_debug.lua" />
LUA data/talkactions/scripts/lua_debug.lua:
Lua:
function sendToPlayerLuaCallResult(player, ...)
   local n = select('#', ...)
   local result = setmetatable({ ... }, {
      __len = function()
         return n
      end,
   })

   local t = {}
   for i = 2, #result do
      local v = tostring(result[i])
      if v:len() > 0 then
         table.insert(t, v)
      end
   end

   if #t > 0 then
      player:sendTextMessage(MESSAGE_STATUS_CONSOLE_ORANGE, table.concat(t, ', '))
   end
end

function onSay(player, words, param)
   if not player:getGroup():getAccess() then
      return false
   end

   if player:getAccountType() < ACCOUNT_TYPE_GOD then
      return false
   end

   sendToPlayerLuaCallResult(player, pcall(load(
      'local cid = ' .. player:getId() .. ' ' ..
         'local player = Player(cid) ' ..
         'local pos = player:getPosition() ' ..
         'local position = pos ' ..
         param
   )))

   return false
end
Predefined variables:
cid
- GOD character 'cid'
player - GOD character Player object
pos - position of GOD character
position - position of GOD character

Examples:

1. Get current position of player 'Adsad':

PHP:
!lua p = Player('Adsad'):getPosition() return p.x, p.y, p.z
Result:
Local Chat in Tibia client said:
32368, 32224, 7
You can also split code to few lines:
PHP:
!lua var1 = Player('Adsad')
!lua var2 = var1:getPosition()
!lua return var2.x, var2.y, var2.z
2. Spawn monster Demon next to GOD:
PHP:
!lua Game.createMonster("Demon", pos)
3. Spawn monster Demon 20 times every 5 seconds on position on which is GOD in moment of saying !lua:
PHP:
!lua function spawnDemon(pos, countLeft) if countLeft > 0 then addEvent(spawnDemon, 5000, pos, countLeft - 1) end Game.createMonster("Demon", pos) end spawnDemon(pos, 20)
4. Set GOD storage value with key 123 to 456:
PHP:
!lua player:setStorageValue(123, 456)
Set player 'Adsad' storage value with key 123 to 456:
PHP:
!lua Player('Adsad'):setStorageValue(123, 456)
5. Get GOD storage value with key 123:
PHP:
!lua return player:getStorageValue(123)
Get player 'Adsad' storage value with key 123:
PHP:
!lua return Player('Adsad'):getStorageValue(123)
Result:
Local Chat in Tibia client said:
 

gpedro

web developer
Joined
Dec 5, 2009
Messages
122
Best answers
0
Reaction score
59
Location
Brazil
attention! don't not use this on production server (or change talkaction name).

when malicious people get use of it, it can open a security hole. this able to cracker (bad hacker) get sensitive information like database credentials,
password file (/etc/passwd) and execute malicious code using os.capture and os.execute.


-- suggestion
make a blacklist of keywords like mysql, sqlite, sqlPass, os.execute, os.capture...
 

Ochman

Premium User
Premium User
Joined
Feb 27, 2016
Messages
260
Best answers
3
Reaction score
163
I mean, you're right and all, but it is "DEBUG" purpose to not use it on production server.
Nice to mention it anyways
 

Evil Puncker

I'd rather kiss a rattlesnake
Joined
May 30, 2009
Messages
5,797
Best answers
26
Reaction score
1,786
Location
160,54,7
also this code is already executed only by god:

Lua:
if not player:getGroup():getAccess() then
      return false
   end

   if player:getAccountType() < ACCOUNT_TYPE_GOD then
      return false
   end
 

gpedro

web developer
Joined
Dec 5, 2009
Messages
122
Best answers
0
Reaction score
59
Location
Brazil
also this code is already executed only by god:

Lua:
if not player:getGroup():getAccess() then
      return false
   end

   if player:getAccountType() < ACCOUNT_TYPE_GOD then
      return false
   end
i know but today is really common to find an insecure website modification... if have the bad guy get access to god account? this should be the first step to get root your server.

I just told to take care of the utilization of this script in production server.
 

Keal Atis

Well-Known Member
Joined
Feb 1, 2017
Messages
169
Best answers
1
Reaction score
67
Helpful in testing a scripts, thanks!
 

Nekiro

Support Team
Support Team
Joined
Sep 7, 2015
Messages
1,931
Best answers
82
Reaction score
710
i know but today is really common to find an insecure website modification... if have the bad guy get access to god account? this should be the first step to get root your server.

I just told to take care of the utilization of this script in production server.
you are overreacting.
 
Top