Revision Difference
Blocked_ConCommands#562726
<cat>Dev.Ref</cat>
This is a list of all concommands and convars blacklisted from being ran or changed with <page>Global.RunConsoleCommand</page>, <page>game.ConsoleCommand</page> and <page>Player:ConCommand</page>. Server and clients can still run the commands normally from console. Certain console commands have been disabled for a variety of reasons, usually to prevent harm or annoyance to players, such as unbinding all their keys using `unbindall`.
When you attempt to run <page>Global.RunConsoleCommand</page> with a blocked command, this error will be thrown in console: `RunConsoleCommand: Command is blocked! (<command name>)`.
Running <page>Player:ConCommand</page> with a blocked command will throw red text in console: `ConCommand blocked! (<command name>)`.
Running <page>game.ConsoleCommand</page> with a blocked command will throw red text in console: `game.ConsoleCommand blocked! (<command name>)`.
<note>
This list was ripped from Garry's Mod dynamic libraries.
</note>
| Name | Reason |
|:-----|:-------|
| `__screenshot_internal` | Could create a screenshot without the client's consent
| `_restart` | Blocked only client-side. Could crash the player's game
| `alias` | Could alias commands without the client's consent
| `askconnect_accept` | Could accept a redirect request without the client wanting to be redirected
| `bind` | Could be used to rebind keys without the client's consent
| `bind_mac` | Could be used to rebind keys without the client's consent
| `bindtoggle` | Could be used to rebind keys without the client's consent
| `buildcubemaps` | Could rebuild the cubemaps on a server, which can cause errors
| `cef_credits` | Could open big count of webpanels
| `cl_allowdownload` | Could change the download settings without the client wanting to
| `cl_allowupload` | Could change the uploads settings without the client wanting to
| `cl_chatfilters` | Could change the chat filter settings without the client wanting to
| `cl_cloud_settings` | Could change the cloud settings without the client wanting to
| `cl_downloadfilter` | Could change which files can be downloaded from the server without the client consent
| `cl_enable_loadingurl` | Could enable/disable custom loading screens provided by joined servers without the client wanting to
| `cl_logofile` | Could choose spray file without the client wanting to
| `cl_mouseenable` | Could enable or disable the mouse without the client wanting to
| `cl_software_cursor` | Could replace the cursor with missing material (this makes the cursor invisible)
| `cl_playerspraydisable` | Persists across sessions, use the <page>GM:PlayerSpray</page> hook or sv_allowupload 0 to disable sprays
| `clear` | Could clear the console without the client's consent
| `con_enable` | Could enable or disable the console
| `con_filter_dupe` | Could modify console filtering settings without the client wanting to
| `con_filter_enable` | Could modify console filtering settings without the client wanting to
| `con_filter_text` | Could modify console filtering settings without the client wanting to
| `con_filter_text_out` | Could modify console filtering settings without the client wanting to
| `con_logfile` | Now-removed convar that in the past could enable/disable writing console output to a file
| `connect` | Could connect to specified server without the client's consent
| `crosshair` | Could enable or disable the crosshair without the client's consent
| `devshots_screenshot` | Could create a screenshot without the client's consent
| `debug_dump` |
| `echo` | Could be used to print fake console messages
| `ent_fire` | Could let clients manipulate entities more than expected
| `ent_setname` | Could let clients manipulate entities more than expected
| `exec` | Could allow the client to execute malicious scripts
| `exit` | Could exit the client's game entirely
| `fov_desired` |⤶
| `gamemode_reload` | Now-removed command
| `gamemode_reload_cl` | Now-removed command
| `gameui_hide` | Could hide the game UI when the client didn't request to
| `gameui_preventescapetoshow` | Could stop the client from opening the game UI
| `gameui_show_dialog` | Could show an arbitrary dialog that crashes the game
| `gm_video` | Could recording of a .webm when the client didn't request to
| `gmod_language` | Could change the clients language without the client wanting it
| `gmod_tos` | Could open Facepunch's Terms of Service when the client didn't request to
| `gmod_privacy` | Could open Facepunch's Privacy Policy when the client didn't request to
| `gmod_modding` | Could open Facepunch's Modding guidelines when the client didn't request to
| `gmod_servers` | Could open the Server Operator rules when the client didn't request to
| `gmod_delete_temp_files` | Could modify temporary file settings without the client wanting to
| `hideconsole` | Could hide the console when the client didn't request to
| `host_writeconfig` | Could save the current config settings to the registry (which could cause changes to be saved without the client wanting them)
| `hud_fastswitch` | Could enable/disable fast weapons switch
| `incrementvar` | Could change convar values (by increment them)
| `lightprobe` | Could be used to save two files without the client knowing (a cubemap file and a file indicating the local lighting)
| `log` | Could enable/disable logging to file, console, and udp
| `lookspring` |
| `lookstrafe` |
| `lservercfgfile` | Could select any config file instead of listenserver.cfg
| `lua_cookieclear` | Could delete cookie library stored data when the client didn't request to
| `lua_error_url` | Could change the url to which lua errors will be sent
| `lua_open` | Now-removed command
| `lua_openscript` |
| `lua_openscript_cl` | Could allow the client to open malicious scripts
| `lua_redownload` | Now-removed command
| `lua_reloadents` | Could reload all scripted entities
| `lua_reloadents_cl` | Could reload all scripted entities
| `lua_run` |
| `lua_run_cl` |
| `lua_showerrors_cl` | Now-removed command
| `lua_showerrors_sv` | Now-removed command
| `m_customaccel` | Could modify mouse settings without the client wanting to
| `m_customaccel_exponent` | Could modify mouse settings without the client wanting to
| `m_customaccel_scale` | Could modify mouse settings without the client wanting to
| `m_forward` | Could modify mouse settings without the client wanting to
| `m_mouseaccel1` | Could modify mouse settings without the client wanting to
| `m_mouseaccel2` | Could modify mouse settings without the client wanting to
| `m_mousespeed` | Could modify mouse settings without the client wanting to
| `m_pitch` | Could modify mouse settings without the client wanting to
| `m_side` | Could modify mouse settings without the client wanting to
| `m_yaw` | Could modify mouse settings without the client wanting to
| `mat_color_projection` | Could enable/disable drawing a overlay with missing texture on top of everything
| `mat_crosshair_edit` |
| `mat_crosshair_explorer` | Could be used to open Explorer without the client wanting to, which could exit out of the game
| `mat_dxlevel` | Could changes what GPU features are used based on DirectX version
| `mat_savechanges` | Could save the current video config to the registry (which could cause changes to be saved without the client wanting them)
| `mat_texture_save_fonts` |
| `mat_setvideomode` | Could sets the width, height, windowed state of the material system
| `mat_texture_limit` | Could limit the amount of texture memory available
| `mat_texture_list` | Could display the texture list without the client wanting to
| `+mat_texture_list` | Could display the texture list without the client wanting to
| `mat_texture_list_content_path` |
| `mat_viewportscale` | Could scale down a client's viewport
| `mat_viewportupscale` | Could scale up a client's viewport
| `menu_reload` | Could force a reload of the Lua base menu (which causes the game to crash with a Lua panic error in my test)
| `movie_fixwave` |
| `mp_flashlight` | Could be used to enable or disable the flashlight for an entire server
| `multvar` | Could change convar values (by multiplying them)
| `name` |
| `playdemo` |
| `plugin_load` | Could load server plugins
| `quit` | Could exit the client's game entirely
| `quti` | Now-removed command that in the past could exit the client's game entirely
| `r_aspect` | Now-removed command
| `rcon_address` | Could change address of remote server for sending rcon commands
| `rcon_password` | Could change remote console password
| `sensitivity` | Could change the client's mouse sensitivity without their knowledge
| `servercfgfile` | Could select any config file instead of server.cfg
| `snd_buildcache` | Could exit the client's game entirely
| `snd_ducktovolume` | Could modify sounds settings without the client wanting to
| `snd_gain` | Could modify sounds settings without the client wanting to
| `snd_gain_max` | Could modify sounds settings without the client wanting to
| `snd_gain_min` | Could modify sounds settings without the client wanting to
| `snd_mixahead` | Could modify sounds settings without the client wanting to
| `snd_musicvolume` | Could modify music volume without the client wanting to
| `snd_pitchquality` | Could modify sounds settings without the client wanting to
| `startupmenu` | Could open the initial menu screen and load the background bsp without the client wanting to (Also causes a crash)
| `stuffcmds` |
| `suitvolume` |
| `sv_allow_wait_command` | Now-removed command
| `sv_cheats` | Could allow cheats on server
| `sv_logfilename_format` | Could change log filename formatting
| `sv_logsdir` | Could change the folder where server logs will be stored
| `test_loop` | Now-removed command
| `test_randomchance` | Now-removed command
| `test_startscript` | Now-removed command
| `toggle` | Could toggle convars without the client requesting to
| `toggleconsole` | Could stop the client from opening the console or open it when they didn't want to
| `unbind` | Could stop the client from being able to press anything
| `unbind_mac` | Could stop the client from being able to press anything
| `unbindall` | Could stop the client from being able to press anything
| `+voicerecord` | Could allow one to activate the clients microphone without the client wanting to
| `voice_avggain` | Could modify voice chat settings without the client wanting to
| `voice_enable` | Could enable or disable voice chat without the client wanting to
| `voice_fadeouttime` | Could modify voice chat settings without the client wanting to
| `voice_forcemicrecord` | Could modify voice chat settings without the client wanting to
| `voice_gain_downward_multiplier` | Could modify voice chat settings without the client wanting to
| `voice_gain_max` | Could modify voice chat settings without the client wanting to
| `voice_gain_rate` | Could modify voice chat settings without the client wanting to
| `voice_gain_target` | Could modify voice chat settings without the client wanting to
| `voice_inputfromfile` | Could modify voice chat settings without the client wanting to
| `voice_loopback` | Could modify voice chat settings without the client wanting to
| `voice_maxgain` | Could modify voice chat settings without the client wanting to
| `voice_modenable` | Could modify voice chat settings without the client wanting to
| `voice_overdrive` | Could modify voice chat settings without the client wanting to
| `voice_scale` | Could modify voice chat settings without the client wanting to
| `voice_recordtofile` | Could modify voice chat settings without the client wanting to
| `volume` | Can change the volume of the game
| `volume_sfx` |
| `vprof_record_start` | Now-removed command
| `vprof_record_stop` | Now-removed command
| `whereis` | Could print out sensitive file paths without consent. This isn't blocked on the Menu <page text="realm">States</page>.