-
Notifications
You must be signed in to change notification settings - Fork 378
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Moving to server side checks for inventory #422
Moving to server side checks for inventory #422
Conversation
Security Fix for qb-policejob that coincides with inventory security fix
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Anyone can give themselves all police items just by triggering the police:server:addVehItems
event.
Here are the possible fixes for this:
- Use a callback instead of an event (easiest but not preferred fix)
- Create a table of all vehicle plates spawned through qb-policejob (someway) and check if the vehicle is in there, or simply check if the plate has the correct syntax
- Check if the vehicle model is correct (hardest but kinda best one)
Qb-jobs resolves all these issues. |
Okay, but you do have to understand that I cant commit a PR with such security issue. |
That's fine i'll pull the trackVeh table, vehCount table and call backs from qb-jobs. |
added further security enhancements
fixed layered vector3
…licejob into r0ad_security_fix
I DID ALL OF THIS AND STILL NOT MERGED IN! |
Security Fix for qb-policejob that coincides with inventory security fix located at: qbcore-framework/qb-inventory#380
Questions (please complete the following information):