Plexus/Plex-FAWE
1
0
Fork 0
mirror of https://github.com/plexusorg/Plex-FAWE.git synced 2024-06-28 21:31:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Defer permissions check when making LocalSession.

Browse Source 
Also use Java7 Paths to get rid of some funky logic.
This commit is contained in:
wizjany 2019-03-11 20:37:35 -04:00
parent a5cec7728d
commit 1c5d3368a0
2 changed files with 14 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
worldedit-core/src/main/java/com/sk89q/worldedit/WorldEdit.java
View File

@ -68,6 +68,8 @@ import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap; import java.util.HashMap;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
@ -279,19 +281,17 @@ public final class WorldEdit {
} }
try { try {
String filePath = f.getCanonicalPath(); Path filePath = Paths.get(f.toURI()).normalize();
String dirPath = dir.getCanonicalPath(); Path dirPath = Paths.get(dir.toURI()).normalize();
if ((filePath.length() < dirPath.length() || !filePath.substring(0, dirPath.length()).equals(dirPath)) if (!filePath.startsWith(dirPath)
&& !getConfiguration().allowSymlinks) { || (!getConfiguration().allowSymlinks && !filePath.toRealPath().startsWith(dirPath))) {
throw new FilenameResolutionException(filename, throw new FilenameResolutionException(filename, "Path is outside allowable root");
"Path is outside allowable root");
} }
return f; return f;
} catch (IOException e) { } catch (IOException e) {
throw new FilenameResolutionException(filename, throw new FilenameResolutionException(filename, "Failed to resolve path");
"Failed to resolve path");
} }
} }

13
worldedit-core/src/main/java/com/sk89q/worldedit/session/SessionManager.java
View File

@ -162,12 +162,10 @@ public class SessionManager {
sessions.put(getKey(owner), new SessionHolder(sessionKey, session)); sessions.put(getKey(owner), new SessionHolder(sessionKey, session));
} }
if (shouldBoundLimit(owner.hasPermission("worldedit.limit.unrestricted"), if (shouldBoundLimit(owner, "worldedit.limit.unrestricted", session.getBlockChangeLimit(), config.maxChangeLimit)) {
session.getBlockChangeLimit(), config.maxChangeLimit)) {
session.setBlockChangeLimit(config.maxChangeLimit); session.setBlockChangeLimit(config.maxChangeLimit);
} }
if (shouldBoundLimit(owner.hasPermission("worldedit.timeout.unrestricted"), if (shouldBoundLimit(owner, "worldedit.timeout.unrestricted", session.getTimeout(), config.maxCalculationTimeout)) {
session.getTimeout(), config.maxCalculationTimeout)) {
session.setTimeout(config.maxCalculationTimeout); session.setTimeout(config.maxCalculationTimeout);
} }
@ -181,9 +179,10 @@ public class SessionManager {
return session; return session;
} }
private boolean shouldBoundLimit(boolean mayBypass, int currentLimit, int maxLimit) { private boolean shouldBoundLimit(SessionOwner owner, String permission, int currentLimit, int maxLimit) {
if (!mayBypass && maxLimit > -1) { // if player can't bypass and max is finite if (maxLimit > -1) { // if max is finite
return currentLimit < 0 || currentLimit > maxLimit; // make sure current is finite and less than max return (currentLimit < 0 || currentLimit > maxLimit) // make sure current is finite and less than max
&& !owner.hasPermission(permission); // unless user has unlimited permission
} }
return false; return false;
} }