Fully implemented ConVar class so we could statically construct all SDK convars, this avoids a level of indirection, and allows for creating ConVar's everywhere in the project.
This patch also removed the settings tab of the ImGui server browser, as it has threading issues, while it technically never caused a crash yet, it has been removed as there was no point keeping it vs the work required to make it thread save (it only managed 2 convars which are perfectly manageable through cfg's or the in-game console).
Also temporarily disabled the creation of ConVar's in the mod system due to a memory leak, we would allocate and register a convar based on details parsed out of a mod file definition, but never unregister and free it.
Utilize the new IDetour::DetourSetup() code, IDetour::Attach and IDetour::Detach have been removed in favor of this (significantly reduces chance of user error). Since the template check happens in the idetour header, it is much more aggressive on type mismatches, such as a difference in parameter types, between the function and detour, will now raise a compile time error. As a result, some type mismatches have been fixed in this commit as well.
Fix several exploitable bugs in the CUserCmd class. Some of these have been used to exploit/cheat in-game. Fixes contain:
- Camera position clamping (the only patch that hasn't been tested yet!)
- Weapon activity exploit, allowing player to infinitely throw ordnances, and perform other 'cheats'.
- Akimbo exploit + server crasher, allowing client to set multiple inventory weapons as active. The active weapon index bounds were also not checked, a properly crafter CUserCmd message would therefore be able to crash the server.
Note that this does not fix all issues related to the UserCmd class; further reversing and testing revealed there is more to be fixed, these fixes will get implemented with a future commit.
Must be normalized, bad values (NAN or FLT_MAX) will crash the game. There is more that needs to be clamped, but before we can do this CUserCmd has to be reversed more.
The frame time send from CL_Move is not sanitized on the server; clamp it to the same cvars the client is clamping them to so players busting out the clamps cannot speed hack. The values are replicated between the server and client, so if someone wants to tweak the values, it won't mess up on either the server or client.
