BUG: Server specific commands registered when in client mode
Closed this issue · 2 comments
dsvensson commented
SV_InitOperatorCommands registers all sorts of fun stuff that a random server may invoke via stufftext. This set of commands should likely only be registered when starting a local ezquake server, and some of them should perhaps be completely removed.
osm commented
Make sure you aren't using the -enablelocalcommand
command, otherwise a malicious server can execute anything on the client computer:
https://github.com/QW-Group/ezquake-source/blob/master/src/sv_ccmds.c#L1856-L1857
https://github.com/QW-Group/ezquake-source/blob/master/src/sv_ccmds.c#L752