Fixes vulnerability related to command blocking in rank-based systems (#58)

Video contributing to Plex finally???
This commit is contained in:
Video 2023-08-23 14:23:30 -06:00 committed by GitHub
parent bc6dbb1052
commit d54325304e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1,5 +1,6 @@
package dev.plex.listener.impl;
import dev.plex.Plex;
import dev.plex.cache.DataUtils;
import dev.plex.command.blocking.BlockedCommand;
import dev.plex.listener.PlexListener;
@ -46,7 +47,7 @@ public class CommandListener extends PlexListener
{
String command = "/" + event.getMessage().replaceFirst("/", "").trim();
Player player = event.getPlayer();
if (player.hasPermission("plex.commandblocker.bypass")) return;
if (Plex.get().getPermissions() != null && Plex.get().getPermissions().has(player, "plex.commandblocker.bypass")) return;
PlexPlayer plexPlayer = DataUtils.getPlayer(player.getUniqueId());
String commandName = StringUtils.normalizeSpace(command).split(" ")[0].replaceFirst("/", "");
String arguments = StringUtils.normalizeSpace(StringUtils.normalizeSpace(command).replace(command.split(" ")[0], ""));