Wad Hashes aren't always checked clientside
When trying Freedoom 0.11.3 on my server, I noticed my client who was using Freedoom 0.9 was able to connect with no issue at all, while it was seriously outdated. As a result, it messed up the client view completely. Adding the MD5 hashes to the client & server didn't fix anything. This is a huge security flaw, making any client with slightly modified IWADs be able to mess with the clients (or the other way around). Apparently, it was done in the past, but I don't seem to check anything about it in the source code. Is it entirely normal ?
Steps to reproduce : 1) Create 2 folders: one for the client, one for the server. 2) on the server, add Freedoom1.wad version 0.9 (easier to notice since maps are different) . Clientside, add Freedoom1.wad version 0.11.3. 3) Create a server (using the default config is enough) with Freedoom1.wad 4) Client should run it like that : Odamex.exe -connect localhost The server accepts the client even if the IWAD is different. HOWEVER, If you try to join using Odalaunch, it'll throw an error.