[Feature Request] Editable "give" command for cheat mode.
Tudorhc5 opened this issue ยท 6 comments
Hello !
I have confirmed that this is not possible in the current version via the discord support channel.
If you enable cheat-mode in EMI, you can use it to grab items from it, be it a piece, or a stack, however if you are playing on a server which is not using the default minecraft commands, you will only see an error appear in chat when trying to use this feature.
This could be solved easily by letting the user edit the command used in the config. I dont know what the current command is formatted, but I would suggest following the example of JourneyMap. A box where the default command would be I imagine something like "/give {name} {item} {quantity}" and that can be edited freely by the user.
Hope more people will find this useful.
I can understand why someone might find utility in this but... it seems pretty low cost to support vanilla commands on a server, and I'm not sure why it wouldn't even be an option. A more serious concern is the ability to secretly put any command into modpack. Say you made an EMI addon pack for a vanilla compatible server and changed the command to, say, run /op myusername, so if any of the admins ever used the pack, they'd get opped. This may seem like a wild concern but allowing arbitrary commands is something I'd definitely not want to add lightly with that concern in mind.
Repackaging the .jar would be an unauthorized redistribution and would not be hosted on CurseForge or Modrinth
Downloading modpacks hosted on third-party website is always a risk
The developer for JourneyMap implementing it is their own decision, doesn't mean that other developers need to do the same if they don't like the risks that come with it
If malicious intents are your fear, I dont think they should be, because bad actors are all around, and if someone really wanted to do that they could do it anyway, just by modifying the source or repacking the JAR.
You dont understand why someone would find utility in this ?
I think the JourneyMap developers can give you a better answer, as they added too the editable teleport command (which you could say bad actors might run /op username). Think its about different plugins / mods altering the /tp command and making it run in different ways, which again for example I do use a modified tp command on my server, and if you look through issues in their github, you can see enough people using that. People run it as far as "/execute in {dim} run tp {name} {x} {y} {z}".
Just imagine that someone who is using a plugin that modifies the usage of the /tp command, you wouldnt be able to use the teleport command if they didnt add that option ?
Bacause I want to use cheat mode on my server as an admin, someone on your discord suggested to install EMI on the server, the server not being modded only so I can use the cheatmode which I am unable because i can not edit the command thats used when i click an item in cheat mode.
@SiverDX yes, repacking the .jar would be an unauthorized redistribution, and in the example provided above by Emily, she is expressing her concern for bad actors that would abuse that feature. And the response was the bad actors can already use this for malicious intentions. Do you think that a bad actor would care if he is sharing a malicious version of the mod? Why would he host it on any website if he can just send the file directly. or take advantage of the people with less knowledge about modding minecraft and providing them suspicious sources such as 9minecraft.
The point was, if someone wants to do a bad thing, have malicious intentions, they are gonna do it regardless. Even if that constitutes "unauthorized redistribution" such as the example with "repacking the jar".
LE: Of course any developer doesn't need to do anything that they don't like, its her own project, so of course she is free to decide as she pleases and sees fit. Again I am here just to make a feature request which I would say is useful. If I didn't care or like the mod that she made, why would I bother to make this issue ?
@Tudorhc5
There is a very big difference between allowing vulnerabilities on the versions of official website which are used by most people compared to some random third party websites which are already full of problems
Modpacks hosted on CurseForge (or Modrinth in the future) don't have problems with bad actors because those bad actors can't upload their modified versions on those websites
And that is also not even an argument
"It's already bad so why don't you just make it worse"