Because of the way chat strings are handled and sent out to each client, players can prepend something to the start of their name to make their chat text appear in the alert area (You know, where it says 'x was y by z' in the top-left)
Easy way to test this is doing '/name .*Blah' and saying anything.
You have a few choices on what you can do..
You can check on every change of their userinfo string, or do something simple and nicer such as this..
In G_SayTo (g_cmds.c) just add in this check before the trap_SendServerCommand call..
Code:
for (i=0; i<strlen(name); i++)
{
if (name[i] == '.')
continue;
if (name[i] == '*' && name[i-1] == '.')
return;
break;
}
That will successfully stop them from saying anything if they're trying to use this (minor) exploit.
Other things you can do is alter 'name[i]' and remove that character so they can chat but it won't appear in the alert area.
You could also warn them, change their name, kick them, silence them...whatever you want.
I suppose you can adapt that check to work in ClientUserinfoChanged (g_client.c) if you want.
Happy coding. =]