This was created in response to the recent revelation that there is a fairly critical vulnerability that exists in the core warband game engine. This vulnerability can be exploited by a malicious player to crash a server through feeding invalid data to custom chat input methods. Vornne released his own work-around for this issue, and this follows the same general principle, by sanitising the message. This system can also be utilised to censor content from your server, if so desired. Currently the system is rather basic; you are free to modify it as you so desire.
How it works
When a client sends a message through a custom chat channel to the server, the message is forwarded to an external (local/remote) set of PHP scripts. The PHP scripts parse the input and remove any prohibited characters, words, or phrases. The output is then read and displayed by the game-server.
Installation (COMPILED)
By default, the compiled files point to the Alera Gaming Persistent World sanitisation backend ("pwsan.aleragaming.com"). This is hosted in North-Eastern France. Unless you predict latency to be a big issue, you are more than welcome to use our backend to filter your server's chat messages.
Should you wish to use the compiled files, but point to a locally hosted webserver, follow this brief guide.
1) Copy and paste the files contained within the compiled RAR to your server's "Modules/PW_4.5" folder.
2) When prompted to overwrite, click YES.
3) Upload the PHP files contained within the backend RAR to your web-server. Make sure they are in a location that is web-accessible.
4) Open the "Modules/PW_4.5/strings.txt" file and scroll to the bottom. Replace "http://pwsan.aleragaming.com" with the folder location where you placed the PHP files, for example: http://myserver.com/joebloggs_stuff/pwsanitisation.
5) ?? Profit
Version History/Changelog
31/05/2016 - Version 2.0.
Backend Changes;
Added a basic logging system. Uses either a local file on the HDD, or MySQL DB.
Added a basic custom filter array.
-- Both of the above can be configured in detail through the new config.php.
Removed "UNRECOGNIZED" and "TOKEN" from filter, as these will block legitimate users using the phrases.
Module System Changes;
Fixed "invalid response" message in logs, due to a incorrectly configured variable.
29/05/2016 - Version 1.0, RELEASE.
Downloads
The download section contains three files. All of these files are protected by the password "alera".
COMPILED - These are vanilla Persistent World 4.5 files with the fix applied.
SOURCE - This is the module system with the fix applied. Further information on how to dissect this information will be supplied in the near future. It is provided "AS IS" for the time being.
BACKEND - These are the PHP files which perform the sanitisation process on the backend.
Iron Europe
Version 2 - Vanilla, COMPILED
Version 2 - Vanilla, SOURCE
Version 2 - Vanilla, BACKEND
Mega
Version 2 - Vanilla, COMPILED
Version 2 - Vanilla, SOURCE
Version 2 - Vanilla, BACKEND
Credits
DanyEle - This is his work primarily, I am merely publishing it with his consent.
How it works
When a client sends a message through a custom chat channel to the server, the message is forwarded to an external (local/remote) set of PHP scripts. The PHP scripts parse the input and remove any prohibited characters, words, or phrases. The output is then read and displayed by the game-server.
Installation (COMPILED)
By default, the compiled files point to the Alera Gaming Persistent World sanitisation backend ("pwsan.aleragaming.com"). This is hosted in North-Eastern France. Unless you predict latency to be a big issue, you are more than welcome to use our backend to filter your server's chat messages.
Should you wish to use the compiled files, but point to a locally hosted webserver, follow this brief guide.
1) Copy and paste the files contained within the compiled RAR to your server's "Modules/PW_4.5" folder.
2) When prompted to overwrite, click YES.
3) Upload the PHP files contained within the backend RAR to your web-server. Make sure they are in a location that is web-accessible.
4) Open the "Modules/PW_4.5/strings.txt" file and scroll to the bottom. Replace "http://pwsan.aleragaming.com" with the folder location where you placed the PHP files, for example: http://myserver.com/joebloggs_stuff/pwsanitisation.
5) ?? Profit
Version History/Changelog
31/05/2016 - Version 2.0.
Backend Changes;
Added a basic logging system. Uses either a local file on the HDD, or MySQL DB.
Added a basic custom filter array.
-- Both of the above can be configured in detail through the new config.php.
Removed "UNRECOGNIZED" and "TOKEN" from filter, as these will block legitimate users using the phrases.
Module System Changes;
Fixed "invalid response" message in logs, due to a incorrectly configured variable.
29/05/2016 - Version 1.0, RELEASE.
Downloads
The download section contains three files. All of these files are protected by the password "alera".
COMPILED - These are vanilla Persistent World 4.5 files with the fix applied.
SOURCE - This is the module system with the fix applied. Further information on how to dissect this information will be supplied in the near future. It is provided "AS IS" for the time being.
BACKEND - These are the PHP files which perform the sanitisation process on the backend.
Iron Europe
Version 2 - Vanilla, COMPILED
Version 2 - Vanilla, SOURCE
Version 2 - Vanilla, BACKEND
Mega
Version 2 - Vanilla, COMPILED
Version 2 - Vanilla, SOURCE
Version 2 - Vanilla, BACKEND
Credits
DanyEle - This is his work primarily, I am merely publishing it with his consent.