From f360d7f4366d9a591f1d1ee6c26e5bdf52fcdfb6 Mon Sep 17 00:00:00 2001
From: Aure7138 <100095051+Aure7138@users.noreply.github.com>
Date: Sat, 21 Jan 2023 07:33:41 +0800
Subject: [PATCH] hotfix script RCE (#892)

---
 src/core/enums.hpp                             | 5 ++++-
 src/hooks/protections/script_event_handler.cpp | 4 ++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/core/enums.hpp b/src/core/enums.hpp
index d1630bf4..982ad361 100644
--- a/src/core/enums.hpp
+++ b/src/core/enums.hpp
@@ -189,7 +189,10 @@ namespace big
 		NotificationMoneyRemoved = -1197151915, // TICK_TC_REMO
 		NotificationMoneyStolen = -28878294, // TICK_TC_STOL
 
-		DestroyPersonalVehicle = -513394492 // CnC_PV_THEFT
+		DestroyPersonalVehicle = -513394492, // CnC_PV_THEFT
+
+		BadThing1 = 1279059857,
+		BadThing2 = -343495611
 	};
 
 	enum class eCollectibleType
diff --git a/src/hooks/protections/script_event_handler.cpp b/src/hooks/protections/script_event_handler.cpp
index 4b33af4c..ddb84f09 100644
--- a/src/hooks/protections/script_event_handler.cpp
+++ b/src/hooks/protections/script_event_handler.cpp
@@ -330,6 +330,10 @@ namespace big
 		case eRemoteEvent::DestroyPersonalVehicle:
 			g.reactions.destroy_personal_vehicle.process(plyr);
 			return true;
+		case eRemoteEvent::BadThing1:
+		case eRemoteEvent::BadThing2:
+			return true;
+			break;
 		}
 
 		// detect pasted menus setting args[1] to something other than PLAYER_ID()