From 3deaaafb8804d0c6634ab22d970f58ab8c529778 Mon Sep 17 00:00:00 2001 From: Video Date: Wed, 8 Mar 2023 19:52:30 -0700 Subject: [PATCH 1/2] Patches critical exploit --- .../blocking/command/CommandBlocker.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/main/java/me/totalfreedom/totalfreedommod/blocking/command/CommandBlocker.java b/src/main/java/me/totalfreedom/totalfreedommod/blocking/command/CommandBlocker.java index 2074f3e5..850b0159 100644 --- a/src/main/java/me/totalfreedom/totalfreedommod/blocking/command/CommandBlocker.java +++ b/src/main/java/me/totalfreedom/totalfreedommod/blocking/command/CommandBlocker.java @@ -24,7 +24,7 @@ import org.bukkit.plugin.SimplePluginManager; public class CommandBlocker extends FreedomService { - + private final Pattern whitespacePattern = Pattern.compile("^/?( +)(.*)?"); private final Pattern flagPattern = Pattern.compile("(:([0-9]){5,})"); // private final Map entryList = Maps.newHashMap(); @@ -156,6 +156,14 @@ public class CommandBlocker extends FreedomService // Format command = command.toLowerCase().trim(); + + // Whitespaces + Matcher whitespaceMatcher = whitespacePattern.matcher(command); + if (whitespaceMatcher.matches() && whitespaceMatcher.groupCount() == 2) + { + command = whitespaceMatcher.group(2); + } + command = command.startsWith("/") ? command.substring(1) : command; // Check for plugin specific commands From 41331e719d3d784f29c109d1a5ad943bb906e94a Mon Sep 17 00:00:00 2001 From: Video Date: Wed, 8 Mar 2023 19:58:14 -0700 Subject: [PATCH 2/2] Updates version to 2022.06.1 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a6d8a95e..d9ed9205 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ me.totalfreedom TotalFreedomMod - 2022.06 + 2022.06.1 jar