AtlasMediaGroup/TotalFreedomMod
1
0
Fork 0
mirror of https://github.com/AtlasMediaGroup/TotalFreedomMod.git synced 2024-11-26 17:05:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #306 from AtlasMediaGroup/critical-exploit-fix

Browse Source 
Patches critical exploit in the command blocker
This commit is contained in:
Video 2023-03-08 19:53:51 -07:00 committed by GitHub
commit 72c83ba84a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/main/java/me/totalfreedom/totalfreedommod/blocking/command/CommandBlocker.java
View File

@ -24,7 +24,7 @@ import org.bukkit.plugin.SimplePluginManager;
public class CommandBlocker extends FreedomService
{
private final Pattern whitespacePattern = Pattern.compile("^/?( +)(.*)?");
private final Pattern flagPattern = Pattern.compile("(:([0-9]){5,})");
//
private final Map<String, CommandBlockerEntry> entryList = Maps.newHashMap();
@ -156,6 +156,14 @@ public class CommandBlocker extends FreedomService
// Format
command = command.toLowerCase().trim();
// Whitespaces
Matcher whitespaceMatcher = whitespacePattern.matcher(command);
if (whitespaceMatcher.matches() && whitespaceMatcher.groupCount() == 2)
{
command = whitespaceMatcher.group(2);
}
command = command.startsWith("/") ? command.substring(1) : command;
// Check for plugin specific commands