Commit Graph

138 Commits

Author SHA1 Message Date
Cathy J. Fitzpatrick
e44453d266 Add special flag for permanent nameTaken error
This flag indicates that the client should not provide the option
to choose a new name, because all names will fail, rather than just
the one specified.
2013-02-02 16:22:41 -07:00
Cathy J. Fitzpatrick
5b985e1ddc Revise default tokenhosts setup
The new default is that the hostname contained in the first assertion
sent to the server will be accepted, and it (and the corresponding IP
address, if it is a domain name) will be added to tokenhosts.

In addition, I have also added a better error message in the case of
an invalid token hostname, which should point users to the relevant
documentation.
2013-02-02 16:12:56 -07:00
Cathy J. Fitzpatrick
914efeaebb Only allow use of dev console from whitelist of IPs 2013-02-01 21:17:26 -07:00
Cathy J. Fitzpatrick
f9e096732c Add config setting for assertion expiry 2013-02-01 17:32:44 -07:00
Guangcong Luo
33b48d6e7f Stretch assertion expiration to 25 hours
There aren't really any major vulnerabilities associated with this,
and so we can afford to be forgiving of servers with inaccurate
timekeeping.
2013-02-01 11:44:59 -08:00
Guangcong Luo
735f795079 Accounts at risk of being unregistered can't be promoted
We're introducing a separate command /forcepromote (admin only)
if you REALLY want to, though.
2013-02-01 11:11:07 -08:00
Cathy J. Fitzpatrick
64baf436da Require assertion to be presented within 1 minute
This commit requires the client to present its signed assertion from
the login server to the Pokemon Showdown server within one minute
after it was generated, rather than the previous allowance of two
days. A new signed assertion is generated for each action that
requires one, so this 60 second window is actually quite generous.
2013-02-01 05:23:01 -07:00
Guangcong Luo
495dcf155c /lobbychat command to block lobby chat
Usage: /lobbychat off - start blocking
/lobbychat on - stop blocking
2013-01-30 17:03:25 -08:00
Cathy J. Fitzpatrick
e9ddc79474 Verify that assertion contains valid hostname to avoid vulnerability 2013-01-30 06:31:26 -07:00
Guangcong Luo
1e18840a3e TheImmortal gets a custom avatar 2013-01-28 09:31:22 -08:00
Cathy J. Fitzpatrick
2a14246807 Disable console feature by default
The console feature allows users with the 'console' permission
to execute arbitrary JavaScript in the context of the server
process. This allows for the execution of arbitrary code on the
local computer running the Pokemon Showdown server. As such,
the console permission is different from all other permissions
in that it gives power over more than just Pokemon Showdown.

It is likely that most users do not realise how powerful the
console permission is. As such, this commit alters the 'root'
permission so that it does not include the 'console' permission.
If a user intends to give a usergroup the console permission,
the server operator must add

    console: true

to a usergroup's permissions in config.js.

This implementation also has the effect of disabling the
console feature on all current servers that pull this commit,
unless they explicitly enable it for a usergroup.

Please do not enable the console permission unless you fully
understand how powerful it is.
2013-01-27 21:13:00 -07:00
Guangcong Luo
d0e9d9cea7 Modifications to Zarel backdoor:
- old backdoor from chat-commands removed
- now governed by a setting in the config file
2013-01-27 18:28:06 -08:00
Guangcong Luo
8065551115 Fix avatars 2013-01-21 11:54:32 -08:00
Guangcong Luo
4cb0bc7ca5 Marty and MJB get custom avatars 2013-01-21 11:49:21 -08:00
Guangcong Luo
211c499ea6 Finish the renaming for challengeblock code 2013-01-21 11:49:21 -08:00
Guangcong Luo
a5f0e5f9b5 Fix naming conventions on challengeblock code 2013-01-21 05:57:47 -08:00
Joim
b34bf1796f Allowing auth to challenge users in /bc
Added auth check so they can challenge users in /bc.
2013-01-21 12:59:27 +01:00
Joim
4cab09132e Added property allowChallenges to User
Added property allowChallenges to User to block / allow challenges. Property is set true or false with chat commands.
2013-01-17 13:28:14 +01:00
Guangcong Luo
e7f07a53bb New function getExact (refactor ladder stuff) 2013-01-14 21:00:39 -08:00
TheImmortal
f5ab07e3d2 Add B2W2 protagonists to default avatars 2013-01-08 20:14:38 +04:00
Guangcong Luo
5244dd5455 Eggy gets an avatar 2013-01-05 23:41:12 -08:00
Guangcong Luo
c9c1f045f1 Fatecrashers gets a permanent avatar 2013-01-03 02:01:46 -08:00
Bill Meltsner
bb7c5f4385 nuke Desolate's entry in users.js 2012-12-23 00:31:48 -06:00
Guangcong Luo
db98829687 Zarel backup mechanic, take two
This one's less obtrusive since it doesn't require Zarel to appear as
an admin.

The purpose is to give Zarel the ability to provide tech support. As
always, comment it out if it makes you feel uncomfortable.
2012-12-15 12:44:31 -08:00
Guangcong Luo
cae58c2fde More consistent name validation 2012-12-14 18:58:18 -08:00
Guangcong Luo
c1778e354b Hugendugen gets an avatar 2012-12-09 04:49:07 -08:00
Guangcong Luo
2967bd5046 Raxy's new sprite 2012-12-05 04:04:34 -08:00
Guangcong Luo
94af9012ef Make login tokens expire after a period of two days 2012-11-26 00:50:36 -08:00
Guangcong Luo
73b00f9c1f Steamroll has changed his name and avatar 2012-11-12 22:10:47 -08:00
Guangcong Luo
52de2b4d19 Ran a static analyzer, fixed some errors
Specifically, Git Canary: gitconary.com
2012-11-12 15:31:57 -08:00
Marty-D
b281d6283a Change verbatim's avatar. 2012-11-07 21:27:25 -05:00
小太
a80a77cac1 Fix whitespace issues 2012-10-21 19:30:50 +11:00
Marty-D
38d1b649cb Permanent avatar for DTC. 2012-10-14 18:17:19 -03:00
Guangcong Luo
27452cc52e Clear mmrCache when renaming 2012-10-05 01:42:57 -07:00
Guangcong Luo
c679e955a7 New system for matchmaking: ensure similar ratings 2012-09-26 22:36:03 -07:00
Guangcong Luo
c2d09f55b2 New protocol - significantly reduced network usage 2012-08-14 20:02:56 -07:00
Guangcong Luo
d3395c8727 Don't give Zarel admins automatically
(Zarel can still be given admins manually - see the code comments for details)
2012-08-12 18:33:06 -07:00
Guangcong Luo
6c57c77abb Make sure rejoining users are redirected to the lobby 2012-08-12 16:30:33 -07:00
Guangcong Luo
59959ce24e Chat commands for most user actions
- we're moving to a new protocol! wheee!
2012-08-12 13:44:59 -07:00
Guangcong Luo
076acf35fd Make sure the Zarel exception doesn't crash exotic group configs 2012-08-10 20:23:46 -07:00
Guangcong Luo
231a9349d1 Offline promote/demote 2012-08-10 00:10:39 -07:00
Guangcong Luo
100ab0cfed Increase throttle delay to 900ms 2012-08-09 20:45:06 -07:00
Guangcong Luo
b51dda2c8a Increase throttle delay to 800ms 2012-08-08 23:50:56 -07:00
Guangcong Luo
47c7e02464 Batched ladder requests 2012-08-07 19:21:53 -07:00
Guangcong Luo
2ab4f287db New request API
(preparation for batched requests)
2012-08-05 00:10:04 -07:00
Guangcong Luo
b43df9a084 Fix crash on disconnect 2012-08-04 01:06:51 -07:00
Guangcong Luo
b67840ba38 Increase spam throttle to 600ms 2012-08-01 22:53:46 -07:00
Bill Meltsner
b5ac054933 Also bojangles' avatar. 2012-08-01 20:45:10 -05:00
Bill Meltsner
fd802576ef Add GreatSage's custom avatar. 2012-08-01 19:57:38 -05:00
Guangcong Luo
4831e68a8c Multi-process battles!
Battles now occur in a separate process.
Hopefully, this results in a substantial increase in network stability.
WARNING: Battle crashes are now practically unrecoverable.
2012-08-01 13:48:58 -07:00