Defer permissions check when making LocalSession.

Also use Java7 Paths to get rid of some funky logic.
This commit is contained in:
wizjany 2019-03-11 20:37:35 -04:00
parent a5cec7728d
commit 1c5d3368a0
2 changed files with 14 additions and 15 deletions

View File

@ -68,6 +68,8 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
@ -279,19 +281,17 @@ public final class WorldEdit {
}
try {
String filePath = f.getCanonicalPath();
String dirPath = dir.getCanonicalPath();
Path filePath = Paths.get(f.toURI()).normalize();
Path dirPath = Paths.get(dir.toURI()).normalize();
if ((filePath.length() < dirPath.length() || !filePath.substring(0, dirPath.length()).equals(dirPath))
&& !getConfiguration().allowSymlinks) {
throw new FilenameResolutionException(filename,
"Path is outside allowable root");
if (!filePath.startsWith(dirPath)
|| (!getConfiguration().allowSymlinks && !filePath.toRealPath().startsWith(dirPath))) {
throw new FilenameResolutionException(filename, "Path is outside allowable root");
}
return f;
} catch (IOException e) {
throw new FilenameResolutionException(filename,
"Failed to resolve path");
throw new FilenameResolutionException(filename, "Failed to resolve path");
}
}

View File

@ -162,12 +162,10 @@ public class SessionManager {
sessions.put(getKey(owner), new SessionHolder(sessionKey, session));
}
if (shouldBoundLimit(owner.hasPermission("worldedit.limit.unrestricted"),
session.getBlockChangeLimit(), config.maxChangeLimit)) {
if (shouldBoundLimit(owner, "worldedit.limit.unrestricted", session.getBlockChangeLimit(), config.maxChangeLimit)) {
session.setBlockChangeLimit(config.maxChangeLimit);
}
if (shouldBoundLimit(owner.hasPermission("worldedit.timeout.unrestricted"),
session.getTimeout(), config.maxCalculationTimeout)) {
if (shouldBoundLimit(owner, "worldedit.timeout.unrestricted", session.getTimeout(), config.maxCalculationTimeout)) {
session.setTimeout(config.maxCalculationTimeout);
}
@ -181,9 +179,10 @@ public class SessionManager {
return session;
}
private boolean shouldBoundLimit(boolean mayBypass, int currentLimit, int maxLimit) {
if (!mayBypass && maxLimit > -1) { // if player can't bypass and max is finite
return currentLimit < 0 || currentLimit > maxLimit; // make sure current is finite and less than max
private boolean shouldBoundLimit(SessionOwner owner, String permission, int currentLimit, int maxLimit) {
if (maxLimit > -1) { // if max is finite
return (currentLimit < 0 || currentLimit > maxLimit) // make sure current is finite and less than max
&& !owner.hasPermission(permission); // unless user has unlimited permission
}
return false;
}