Updates version to 2022.06.1

Merge pull request #306 from AtlasMediaGroup/critical-exploit-fix
Patches critical exploit in the command blocker
2025-07-01 12:36:41 +00:00 · 2023-03-08 19:58:14 -07:00 · 2023-03-08 19:53:51 -07:00 · 2023-03-08 19:52:30 -07:00
2 changed files with 10 additions and 2 deletions
--- a/pom.xml
+++ b/pom.xml
@ -5,7 +5,7 @@

    <groupId>me.totalfreedom</groupId>
    <artifactId>TotalFreedomMod</artifactId>
-    <version>2022.06</version>
+    <version>2022.06.1</version>
    <packaging>jar</packaging>

    <properties>
--- a/src/main/java/me/totalfreedom/totalfreedommod/blocking/command/CommandBlocker.java
+++ b/src/main/java/me/totalfreedom/totalfreedommod/blocking/command/CommandBlocker.java
@ -24,7 +24,7 @@ import org.bukkit.plugin.SimplePluginManager;

 public class CommandBlocker extends FreedomService
 {
-
+    private final Pattern whitespacePattern = Pattern.compile("^/?( +)(.*)?");
    private final Pattern flagPattern = Pattern.compile("(:([0-9]){5,})");
    //
    private final Map<String, CommandBlockerEntry> entryList = Maps.newHashMap();
@ -156,6 +156,14 @@ public class CommandBlocker extends FreedomService

        // Format
        command = command.toLowerCase().trim();
+
+        // Whitespaces
+        Matcher whitespaceMatcher = whitespacePattern.matcher(command);
+        if (whitespaceMatcher.matches() && whitespaceMatcher.groupCount() == 2)
+        {
+            command = whitespaceMatcher.group(2);
+        }
+
        command = command.startsWith("/") ? command.substring(1) : command;

        // Check for plugin specific commands
Author	SHA1	Message	Date
Video	41331e719d	Updates version to 2022.06.1	2023-03-08 19:58:14 -07:00
Video	72c83ba84a	Merge pull request #306 from AtlasMediaGroup/critical-exploit-fix Patches critical exploit in the command blocker	2023-03-08 19:53:51 -07:00
Video	3deaaafb88	Patches critical exploit	2023-03-08 19:52:30 -07:00