Plexus/Plex-FAWE
1
0
Fork 0
mirror of https://github.com/plexusorg/Plex-FAWE.git synced 2025-07-12 08:18:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix major security bugs (3 brushes + superpickaxe)! (#1213)

Browse Source 
* Fix major security bugs (3 brushes + superpickaxe)!
- Due to some recent changes, FAWE could edit everything in the world, no matter other plugin protections such as PS or WG.
- Fix superpickaxe allow to bypass protections => Fix SurvivalModeExtent not taking into account protections plugins due to breaking blocks naturally to get drops.

* Adress requests
- Revert some unsuitabe changes
- Add FAWE diff comments

* Clean imports

* Adress requests

Co-authored-by: NotMyFault <mc.cache@web.de>
This commit is contained in:
Aurélien
2021-08-07 11:09:33 +02:00
committed by GitHub
parent 14b3fd2085
commit abaa347ad4
8 changed files with 61 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
worldedit-core/src/main/java/com/sk89q/worldedit/extent/world/SurvivalModeExtent.java
View File

@ -19,7 +19,10 @@
package com.sk89q.worldedit.extent.world;
import com.fastasyncworldedit.core.util.TaskManager;
import com.fastasyncworldedit.core.util.task.RunnableVal;
import com.sk89q.worldedit.WorldEditException;
import com.sk89q.worldedit.blocks.BaseItemStack;
import com.sk89q.worldedit.extent.AbstractDelegateExtent;
import com.sk89q.worldedit.extent.Extent;
import com.sk89q.worldedit.math.BlockVector3;
@ -27,6 +30,8 @@ import com.sk89q.worldedit.util.nbt.CompoundBinaryTag;
import com.sk89q.worldedit.world.World;
import com.sk89q.worldedit.world.block.BlockStateHolder;
import java.util.Collection;
import static com.google.common.base.Preconditions.checkNotNull;
/**
@ -91,8 +96,22 @@ public class SurvivalModeExtent extends AbstractDelegateExtent {
@Override
public <B extends BlockStateHolder<B>> boolean setBlock(BlockVector3 location, B block) throws WorldEditException {
if (toolUse && block.getBlockType().getMaterial().isAir()) {
world.simulateBlockMine(location);
return true;
Collection<BaseItemStack> drops = world.getBlockDrops(location);
boolean canSet = super.setBlock(location, block);
if (canSet) {
TaskManager.IMP.sync(new RunnableVal<>() {
@Override
public void run(Object value) {
for (BaseItemStack stack : drops) {
world.dropItem(location.toVector3(), stack);
}
}
});
return true;
} else {
return false;
}
} else {
// Can't be an inlined check due to inconsistent generic return type
if (stripNbt) {