Defer permissions check when making LocalSession.

Also use Java7 Paths to get rid of some funky logic.
This commit is contained in:
wizjany 2019-03-11 20:37:35 -04:00
parent a5cec7728d
commit 1c5d3368a0
2 changed files with 14 additions and 15 deletions

View File

@ -68,6 +68,8 @@ import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap; import java.util.HashMap;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
@ -279,19 +281,17 @@ public final class WorldEdit {
} }
try { try {
String filePath = f.getCanonicalPath(); Path filePath = Paths.get(f.toURI()).normalize();
String dirPath = dir.getCanonicalPath(); Path dirPath = Paths.get(dir.toURI()).normalize();
if ((filePath.length() < dirPath.length() || !filePath.substring(0, dirPath.length()).equals(dirPath)) if (!filePath.startsWith(dirPath)
&& !getConfiguration().allowSymlinks) { || (!getConfiguration().allowSymlinks && !filePath.toRealPath().startsWith(dirPath))) {
throw new FilenameResolutionException(filename, throw new FilenameResolutionException(filename, "Path is outside allowable root");
"Path is outside allowable root");
} }
return f; return f;
} catch (IOException e) { } catch (IOException e) {
throw new FilenameResolutionException(filename, throw new FilenameResolutionException(filename, "Failed to resolve path");
"Failed to resolve path");
} }
} }

View File

@ -162,12 +162,10 @@ public class SessionManager {
sessions.put(getKey(owner), new SessionHolder(sessionKey, session)); sessions.put(getKey(owner), new SessionHolder(sessionKey, session));
} }
if (shouldBoundLimit(owner.hasPermission("worldedit.limit.unrestricted"), if (shouldBoundLimit(owner, "worldedit.limit.unrestricted", session.getBlockChangeLimit(), config.maxChangeLimit)) {
session.getBlockChangeLimit(), config.maxChangeLimit)) {
session.setBlockChangeLimit(config.maxChangeLimit); session.setBlockChangeLimit(config.maxChangeLimit);
} }
if (shouldBoundLimit(owner.hasPermission("worldedit.timeout.unrestricted"), if (shouldBoundLimit(owner, "worldedit.timeout.unrestricted", session.getTimeout(), config.maxCalculationTimeout)) {
session.getTimeout(), config.maxCalculationTimeout)) {
session.setTimeout(config.maxCalculationTimeout); session.setTimeout(config.maxCalculationTimeout);
} }
@ -181,9 +179,10 @@ public class SessionManager {
return session; return session;
} }
private boolean shouldBoundLimit(boolean mayBypass, int currentLimit, int maxLimit) { private boolean shouldBoundLimit(SessionOwner owner, String permission, int currentLimit, int maxLimit) {
if (!mayBypass && maxLimit > -1) { // if player can't bypass and max is finite if (maxLimit > -1) { // if max is finite
return currentLimit < 0 || currentLimit > maxLimit; // make sure current is finite and less than max return (currentLimit < 0 || currentLimit > maxLimit) // make sure current is finite and less than max
&& !owner.hasPermission(permission); // unless user has unlimited permission
} }
return false; return false;
} }