From 783d02d4b27c908efd8771fa91d6f85ea1a596db Mon Sep 17 00:00:00 2001
From: Robert Paciorek <robert@opcode.eu.org>
Date: Sat, 4 Jan 2025 22:33:25 +0000
Subject: [PATCH] exploits protection bugfixes

---
 src/CommandHandlers/SetPositionVariablesHandler.cs |  9 +++++++--
 src/CommandHandlers/SetUserVariablesHandler.cs     |  2 +-
 src/Data/PlayerData.cs                             | 11 +++++++----
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/src/CommandHandlers/SetPositionVariablesHandler.cs b/src/CommandHandlers/SetPositionVariablesHandler.cs
index 5af2fa9..96e4308 100644
--- a/src/CommandHandlers/SetPositionVariablesHandler.cs
+++ b/src/CommandHandlers/SetPositionVariablesHandler.cs
@@ -50,8 +50,13 @@ class SetPositionVariablesHandler : CommandHandler {
 
         // user event
         string? ue = spvData.Get<string>("UE");
-        if (ue != null)
-            vars.Add("UE", ue);
+        if (ue != null) {
+            long time = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();
+            if ((time - client.PlayerData.last_ue_time) > 499 || Configuration.ServerConfiguration.AllowChaos) {
+                vars.Add("UE", ue);
+                client.PlayerData.last_ue_time = time;
+            }
+        }
         // pitch
         float? cup = spvData.Get<float?>("CUP");
         if (cup != null)
diff --git a/src/CommandHandlers/SetUserVariablesHandler.cs b/src/CommandHandlers/SetUserVariablesHandler.cs
index 9fe724e..8458acc 100644
--- a/src/CommandHandlers/SetUserVariablesHandler.cs
+++ b/src/CommandHandlers/SetUserVariablesHandler.cs
@@ -43,7 +43,7 @@ class SetUserVariablesHandler : CommandHandler {
         foreach (string varName in PlayerData.SupportedVariables) {
             string? value = suvData.Get<string>(varName);
             if (value != null) {
-                client.PlayerData.SetVariable(varName, value);
+                value = client.PlayerData.SetVariable(varName, value);
                 updated = true;
                 data.Add(varName, value);
                 vl.Add(NetworkArray.Param(varName, value));
diff --git a/src/Data/PlayerData.cs b/src/Data/PlayerData.cs
index 13e8b8e..47eed62 100644
--- a/src/Data/PlayerData.cs
+++ b/src/Data/PlayerData.cs
@@ -38,6 +38,8 @@ public class PlayerData {
     public string DiplayName { get; set; } = "placeholder";
     public Role Role { get; set; } = Role.User;
 
+    public long last_ue_time { get; set; } = 0;
+
     public static readonly string[] SupportedVariables = {
         "A",   // avatar data
         "FP",  // raised pet data
@@ -69,18 +71,18 @@ public class PlayerData {
         return variables[varName];
     }
 
-    public void SetVariable(string varName, string value) {
+    public string SetVariable(string varName, string value) {
         // do not store in variables directory
         if (varName == "UID") {
-            return;
+            return value;
         }
         if (varName == "R") {
             R = float.Parse(value, CultureInfo.InvariantCulture);
-            return;
+            return value;
         }
         if (varName == "F") {
             F = unchecked((int)Convert.ToUInt32(value, 16));
-            return;
+            return value;
         }
 
         // fix variable value before store
@@ -90,6 +92,7 @@ public class PlayerData {
 
         // store in directory
         variables[varName] = value;
+        return value;
     }
 
     public void InitFromNetworkData(NetworkObject suvData) {