mirror of
https://gitea.wildfiregames.com/0ad/0ad.git
synced 2026-06-23 17:47:04 +00:00
elexis
fb84643c6d
`Engine.SetViewedPlayer` and `Engine.SetPlayerID` could be used to reveal the map from GUI scripts and the in game console. This is prevented by querying the simulation whether this player is allowed to call thous functions. These two vulnerabilities were introduced with their respective features:20e7d2224aintroduced SetPlayerID to allow controlling other players using the developer overlay.a2f7d4d82aintroduced SetViewedPlayer to allow observers to change the perspective. (cherry picked from commit023527e56e) Signed-off-by: Itms <itms@wildfiregames.com>