Fix Exploitable getCSR() checks

AconiteX
2021-06-17 03:31:50 -04:00
parent b3d51a77b8
commit 23c8f3430a
4 changed files with 36 additions and 23 deletions


@@ -1549,7 +1549,7 @@ void CommandCppFuncsNamespace::commandFuncNotepad(Command const & , NetworkId co
void CommandCppFuncsNamespace::commandFuncSetScale (Command const & , NetworkId const & , NetworkId const & target, Unicode::String const & params)
{
if(ConfigClientGame::getCSR())
if(Game::getPlayerObject()->isAdmin())
{
if(target == NetworkId::cms_invalid)
{
@@ -1568,7 +1568,7 @@ void CommandCppFuncsNamespace::commandFuncSetScale (Command const & , NetworkId
void CommandCppFuncsNamespace::commandFuncSetYaw (Command const & , NetworkId const & , NetworkId const & target, Unicode::String const & params)
{
if(ConfigClientGame::getCSR())
if(Game::getPlayerObject()->isAdmin())
{
if(target == NetworkId::cms_invalid)
{
@@ -1587,7 +1587,7 @@ void CommandCppFuncsNamespace::commandFuncSetYaw (Command const & , NetworkId co
void CommandCppFuncsNamespace::commandFuncHideMe (Command const &, NetworkId const &, NetworkId const &, Unicode::String const &params)
{
if (ConfigClientGame::getCSR())
if (Game::getPlayerObject()->isAdmin())
{
bool hide = false;
@@ -1624,7 +1624,7 @@ void CommandCppFuncsNamespace::commandFuncHideMe (Command const &, NetworkId con
void CommandCppFuncsNamespace::commandFuncReloadAdminTable (Command const & , NetworkId const & , NetworkId const & , Unicode::String const & )
{
if(ConfigClientGame::getCSR())
if(Game::getPlayerObject()->isAdmin())
{
const std::string reloadCommand = "/remote server reloadAdminTable";
IGNORE_RETURN(CuiMessageQueueManager::executeCommandByString(reloadCommand, true));
@@ -1635,7 +1635,7 @@ void CommandCppFuncsNamespace::commandFuncReloadAdminTable (Command const & , Ne
void CommandCppFuncsNamespace::commandFuncSkills (Command const & , NetworkId const & , NetworkId const & target, Unicode::String const & )
{
if(ConfigClientGame::getCSR())
if(Game::getPlayerObject()->isAdmin())
{
if(target == NetworkId::cms_invalid)
{
@@ -1654,7 +1654,7 @@ void CommandCppFuncsNamespace::commandFuncSkills (Command const & , NetworkId co
void CommandCppFuncsNamespace::commandFuncSpawn (Command const & , NetworkId const & , NetworkId const & , Unicode::String const & params)
{
if(ConfigClientGame::getCSR())
if(Game::getPlayerObject()->isAdmin())
{
const std::string spawnCommand = "/remote object spawn ";
@@ -1670,7 +1670,7 @@ void CommandCppFuncsNamespace::commandFuncSpawn (Command const & , NetworkId con
void CommandCppFuncsNamespace::commandFuncDestroy (Command const & , NetworkId const & , NetworkId const & target, Unicode::String const & )
{
if(ConfigClientGame::getCSR())
if(Game::getPlayerObject()->isAdmin())
{
if(target == NetworkId::cms_invalid)
{
@@ -1689,7 +1689,7 @@ void CommandCppFuncsNamespace::commandFuncDestroy (Command const & , NetworkId c
void CommandCppFuncsNamespace::commandFuncEditBank (Command const & , NetworkId const & , NetworkId const & target, Unicode::String const & )
{
if (ConfigClientGame::getCSR())
if (Game::getPlayerObject()->isAdmin())
{
if (target == NetworkId::cms_invalid)
{
@@ -1713,7 +1713,7 @@ void CommandCppFuncsNamespace::commandFuncEditBank (Command const & , NetworkId
void CommandCppFuncsNamespace::commandFuncEditInventory (Command const & , NetworkId const & , NetworkId const & target, Unicode::String const & )
{
if (ConfigClientGame::getCSR())
if (Game::getPlayerObject()->isAdmin())
{
if (target == NetworkId::cms_invalid)
{
@@ -1737,7 +1737,7 @@ void CommandCppFuncsNamespace::commandFuncEditInventory (Command const & , Netwo
void CommandCppFuncsNamespace::commandFuncEditDatapad (Command const & , NetworkId const & , NetworkId const & target, Unicode::String const & )
{
if (ConfigClientGame::getCSR())
if (Game::getPlayerObject()->isAdmin())
{
if (target == NetworkId::cms_invalid)
{
@@ -1760,7 +1760,7 @@ void CommandCppFuncsNamespace::commandFuncEditDatapad (Command const & , Network
//----------------------------------------------------------------------
void CommandCppFuncsNamespace::commandFuncExamineObjVars (Command const & , NetworkId const & , NetworkId const & target, Unicode::String const & params)
{
if(ConfigClientGame::getCSR())
if(Game::getPlayerObject()->isAdmin())
{
const std::string objvarCommand = "/remote objvar list ";
@@ -1775,7 +1775,7 @@ void CommandCppFuncsNamespace::commandFuncExamineObjVars (Command const & , Netw
void CommandCppFuncsNamespace::commandFuncRenamePlayer (Command const & , NetworkId const & , NetworkId const & target, Unicode::String const & params)
{
if(ConfigClientGame::getCSR())
if(Game::getPlayerObject()->isAdmin())
{
if(target == NetworkId::cms_invalid)
{
@@ -1803,7 +1803,7 @@ void CommandCppFuncsNamespace::commandFuncRenamePlayer (Command const & ,
void CommandCppFuncsNamespace::commandFuncDraw (Command const & , NetworkId const & , NetworkId const & , Unicode::String const & params)
{
if(ConfigClientGame::getCSR())
if(Game::getPlayerObject()->isAdmin())
{
size_t pos = 0;
int value = nextIntParm (params, pos);
@@ -1815,7 +1815,7 @@ void CommandCppFuncsNamespace::commandFuncDraw (Command const & , NetworkId cons
void CommandCppFuncsNamespace::commandFuncUiDebugExamine (Command const & , NetworkId const & , NetworkId const & , Unicode::String const & params)
{
if(ConfigClientGame::getCSR())
if(Game::getPlayerObject()->isAdmin())
{
const std::string debugExamineCommand = "/ui debugexamine ";
std::string command = debugExamineCommand + Unicode::wideToUTF8(params);
@@ -1827,7 +1827,7 @@ void CommandCppFuncsNamespace::commandFuncUiDebugExamine (Command const & , Netw
void CommandCppFuncsNamespace::commandFuncUnload (Command const & , NetworkId const & , NetworkId const & target, Unicode::String const & )
{
if(ConfigClientGame::getCSR())
if(Game::getPlayerObject()->isAdmin())
{
if(target == NetworkId::cms_invalid)
{
@@ -1854,7 +1854,7 @@ void CommandCppFuncsNamespace::commandFuncEmptyMail(Command const & , NetworkId
void CommandCppFuncsNamespace::commandFuncEditBiography(Command const & , NetworkId const & , NetworkId const & target, Unicode::String const & str)
{
if(ConfigClientGame::getCSR())
if(Game::getPlayerObject()->isAdmin())
{
NetworkId editTarget(target);
@@ -2012,7 +2012,7 @@ void CommandCppFuncsNamespace::commandFuncTarget (Command const & , NetworkId co
void CommandCppFuncsNamespace::commandFuncTargetPilot(Command const &, NetworkId const &, NetworkId const &target, Unicode::String const &)
{
if (ConfigClientGame::getCSR())
if (Game::getPlayerObject()->isAdmin())
{
CreatureObject * const player = Game::getPlayerCreature();
if (player)
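Review bot: `Game::getPlayerObject()->isAdmin()` dereferences the returned pointer without a null test in every guard of this file (commandFuncSetScale through commandFuncTargetPilot), so if the accessor can return null, for example before the player object has been created, each of these commands would crash the client where the old config-flag test could not. commandFuncTargetPilot already tests `Game::getPlayerCreature()` for null right below its guard, which suggests these accessors are not guaranteed to be non-null. A fail-closed form would be `PlayerObject const * const po = Game::getPlayerObject();` followed by `if (po && po->isAdmin())`, ideally wrapped in one file-local helper so the seventeen guards stay uniform; the same dereference appears in the SwgCuiBiographyEdit guards and in SwgCuiInventory::update. The admin flag is still state held by the client, so the `/remote ...` commands these handlers emit need the server to authorize them independently. Each function body continues outside its hunk.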


@@ -868,6 +868,18 @@ float ConfigClientGame::getConnectionTimeout()
//-----------------------------------------------------------------------
/**
*>>>>>>>> WARNING READ THIS <<<<<<<<<<
*
* This is not a secure or reliable way to validate who is/is not a CSR.
* This only checks for the obfuscation code in the client-side config
* which anyone can add. This should ONLY be used to flag for the command
* parser that admin commands are available.
*
* If you need to validate if someone is/is not a CSR (isGod) then you
* should use Game::getPlayerObject->isAdmin() only!! But MORE importantly,
* anything being done should also be validated server-side!!!
*/
bool ConfigClientGame::getCSR()
{
return ms_0fd345d9;
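Review bot: The added comment recommends `Game::getPlayerObject->isAdmin()` as the way to "validate" a CSR, which is missing the call parentheses and overstates what any client-side test can establish. I would write it as `Game::getPlayerObject()->isAdmin()` and reword that paragraph to say the call is only suitable for gating UI and command availability, with the server-side check as the sole authorization, which is what the closing sentence already implies. It would also help to note that callers should test the returned player object pointer for null before use; whether it can be null is not visible from this hunk. The body of getCSR() continues outside the hunk.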


@@ -115,7 +115,7 @@ SwgCuiBiographyEdit::~SwgCuiBiographyEdit()
void SwgCuiBiographyEdit::performActivate()
{
if (ConfigClientGame::getCSR())
if (Game::getPlayerObject()->isAdmin())
{
CuiManager::requestPointer(true);
setIsUpdating(true);
@@ -127,7 +127,7 @@ void SwgCuiBiographyEdit::performActivate()
void SwgCuiBiographyEdit::performDeactivate()
{
if (ConfigClientGame::getCSR())
if (Game::getPlayerObject()->isAdmin())
{
setIsUpdating(false);
CuiManager::requestPointer(false);
@@ -139,7 +139,7 @@ void SwgCuiBiographyEdit::performDeactivate()
void SwgCuiBiographyEdit::onBiographyRetrieved(PlayerCreatureController::Messages::BiographyRetrieved::BiographyOwner const & msg)
{
if (ConfigClientGame::getCSR())
if (Game::getPlayerObject()->isAdmin())
{
if (m_biographyStatus == BES_waiting)
{
@@ -160,7 +160,7 @@ void SwgCuiBiographyEdit::onBiographyRetrieved(PlayerCreatureController::Message
void SwgCuiBiographyEdit::OnButtonPressed(UIWidget *context)
{
if (ConfigClientGame::getCSR())
if (Game::getPlayerObject()->isAdmin())
{
if (context == m_saveButton)
{
@@ -198,7 +198,7 @@ void SwgCuiBiographyEdit::update(float deltaTimeSecs)
{
CuiMediator::update(deltaTimeSecs);
if (ConfigClientGame::getCSR())
if (Game::getPlayerObject()->isAdmin())
{
// Out of range check...
bool const isInRange = m_player != CachedNetworkId::cms_cachedInvalid && m_player.isValid();
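Review bot: performDeactivate now skips its visible cleanup (`setIsUpdating(false);` and `CuiManager::requestPointer(false);`) whenever isAdmin() is false at that moment, and unlike the static config flag it replaces, this value is read from a live player object that may presumably change or be gone between activation and deactivation. In that case the pointer request made in performActivate would never be released. Consider running the release calls in performDeactivate unconditionally, or caching the result of the admin test in a member at activation and using that cached value in the other guards of this class. The bodies of all five functions continue outside their hunks, so there may be further state behind these guards that I cannot see.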


@@ -20,6 +20,7 @@
#include "clientGame/CreatureObject.h"
#include "clientGame/Game.h"
#include "clientGame/GameNetwork.h"
#include "clientGame/PlayerObject.h"
#include "clientGraphics/Graphics.h"
#include "clientUserInterface/CuiInventoryManager.h"
#include "clientUserInterface/CuiManager.h"
@@ -734,7 +735,7 @@ void SwgCuiInventory::update (float deltaTimeSecs)
m_timeSinceLastRangeCheck += deltaTimeSecs;
if (m_timeSinceLastRangeCheck > 3.3f && !ConfigClientGame::getCSR())
if (m_timeSinceLastRangeCheck > 3.3f && !Game::getPlayerObject()->isAdmin())
{
m_timeSinceLastRangeCheck = 0.0f;