mirror of
https://github.com/sekwah41/Advanced-Portals.git
synced 2024-09-27 14:52:59 +02:00
Fixed security vulnerability
parent
468715a29f
commit
17fb0c5332
@ -8,6 +8,7 @@ import com.sekwah.advancedportals.bukkit.effects.WarpEffects;
|
|||||||
import com.sekwah.advancedportals.bukkit.listeners.*;
|
import com.sekwah.advancedportals.bukkit.listeners.*;
|
||||||
import com.sekwah.advancedportals.bukkit.metrics.Metrics;
|
import com.sekwah.advancedportals.bukkit.metrics.Metrics;
|
||||||
import com.sekwah.advancedportals.bukkit.portals.Portal;
|
import com.sekwah.advancedportals.bukkit.portals.Portal;
|
||||||
|
import org.bukkit.configuration.ConfigurationSection;
|
||||||
import org.bukkit.entity.Player;
|
import org.bukkit.entity.Player;
|
||||||
import org.bukkit.plugin.java.JavaPlugin;
|
import org.bukkit.plugin.java.JavaPlugin;
|
||||||
|
|
||||||
@ -18,6 +19,8 @@ public class AdvancedPortalsPlugin extends JavaPlugin {
|
|||||||
|
|
||||||
public String channelName = "mc:advancedportals";
|
public String channelName = "mc:advancedportals";
|
||||||
|
|
||||||
|
public boolean registeredBungeeChannels = false;
|
||||||
|
|
||||||
// public HashMap<OfflinePlayer, String> PlayerDestiMap = new HashMap<>();
|
// public HashMap<OfflinePlayer, String> PlayerDestiMap = new HashMap<>();
|
||||||
|
|
||||||
public void onEnable() {
|
public void onEnable() {
|
||||||
@ -101,11 +104,42 @@ public class AdvancedPortalsPlugin extends JavaPlugin {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void setupBungee() {
|
private void setupBungee() {
|
||||||
|
// Enables very basic bungee support if not setup right
|
||||||
this.getServer().getMessenger().registerOutgoingPluginChannel(this, "BungeeCord");
|
this.getServer().getMessenger().registerOutgoingPluginChannel(this, "BungeeCord");
|
||||||
this.getServer().getMessenger().registerIncomingPluginChannel(this, "BungeeCord", new BungeeListener(this));
|
if(this.checkIfBungee()) {
|
||||||
|
this.getServer().getMessenger().registerOutgoingPluginChannel(this, "BungeeCord");
|
||||||
|
this.getServer().getMessenger().registerIncomingPluginChannel(this, "BungeeCord", new BungeeListener(this));
|
||||||
|
|
||||||
this.getServer().getMessenger().registerOutgoingPluginChannel(this, channelName);
|
this.getServer().getMessenger().registerOutgoingPluginChannel(this, channelName);
|
||||||
this.getServer().getMessenger().registerIncomingPluginChannel(this, channelName, new PluginMessageReceiver(this));
|
this.getServer().getMessenger().registerIncomingPluginChannel(this, channelName, new PluginMessageReceiver(this));
|
||||||
|
registeredBungeeChannels = true;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
registeredBungeeChannels = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private boolean checkIfBungee()
|
||||||
|
{
|
||||||
|
// we check if the server is Spigot/Paper (because of the spigot.yml file)
|
||||||
|
if ( !getServer().getVersion().contains( "Spigot" ) && !getServer().getVersion().contains( "Paper" ) )
|
||||||
|
{
|
||||||
|
this.getServer().getConsoleSender().sendMessage( "\u00A7ePossibly unsupported version for bungee messages detected, channels won't be enabled." );
|
||||||
|
getLogger().info("If you believe this shouldn't be the case please contact us on discord https://discord.gg/fAJ3xJg");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if ( !getServer().spigot().getConfig().getConfigurationSection("settings").getBoolean( "bungeecord" ) )
|
||||||
|
{
|
||||||
|
this.getServer().getConsoleSender().sendMessage( "\n\n\u00A7eThis server does not have BungeeCord enabled.\n" +
|
||||||
|
"If the server is already hooked to BungeeCord, please enable it into your spigot.yml as well.\n" +
|
||||||
|
"Yes this can all work without but there is a massive security vulnerability if not enabled.\n" +
|
||||||
|
"You cannot bypass this if you want bungee features enabled.\n" +
|
||||||
|
"If you don't want bungee features \u00A7rignore this message\u00A7e, it only shows on start.\n" );
|
||||||
|
|
||||||
|
getLogger().warning( "Advanced bungee features disabled for Advanced Portals as bungee isn't enabled on the server (spigot.yml)" );
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
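Review bot: In `checkIfBungee()`, `getServer().spigot().getConfig().getConfigurationSection("settings")` is dereferenced without a null check, so a spigot.yml with no `settings` section would throw a NullPointerException while the plugin is enabling instead of taking the safe "channels disabled" path. Failing closed keeps the intent of the fix: `ConfigurationSection settings = getServer().spigot().getConfig().getConfigurationSection("settings");` followed by `if (settings == null || !settings.getBoolean("bungeecord"))`, which would also put the newly added `ConfigurationSection` import to use (it looks unused in the visible hunks). Separately, `setupBungee()` registers the outgoing `BungeeCord` channel before the check and again inside the `if`; the second call appears redundant. A short Javadoc on `checkIfBungee()` stating that it returns true only when the server reports Spigot/Paper and `settings.bungeecord` is true in spigot.yml would record why the custom channel is gated.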
|
@ -32,16 +32,9 @@ public class PluginMessageReceiver implements PluginMessageListener {
|
|||||||
if (subchannel.equals(BungeeMessages.SERVER_DESTI)) {
|
if (subchannel.equals(BungeeMessages.SERVER_DESTI)) {
|
||||||
String targetDestination = in.readUTF();
|
String targetDestination = in.readUTF();
|
||||||
UUID bungeeUUID = UUID.fromString(in.readUTF());
|
UUID bungeeUUID = UUID.fromString(in.readUTF());
|
||||||
UUID offlineUUID = UUID.fromString(in.readUTF());
|
|
||||||
|
|
||||||
Player targetPlayer = this.plugin.getServer().getPlayer(bungeeUUID);
|
Player targetPlayer = this.plugin.getServer().getPlayer(bungeeUUID);
|
||||||
|
|
||||||
if(targetPlayer == null) {
|
|
||||||
targetPlayer = this.plugin.getServer().getPlayer(offlineUUID);
|
|
||||||
this.plugin.getServer().getConsoleSender().sendMessage(ChatColor.RED + BungeeMessages.WARNING_MESSAGE
|
|
||||||
+ "\n\nThis server is the offending server.");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (targetPlayer != null) {
|
if (targetPlayer != null) {
|
||||||
Player finalTargetPlayer = targetPlayer;
|
Player finalTargetPlayer = targetPlayer;
|
||||||
plugin.getServer().getScheduler().scheduleSyncDelayedTask(plugin,
|
plugin.getServer().getScheduler().scheduleSyncDelayedTask(plugin,
|
||||||
@ -49,6 +42,9 @@ public class PluginMessageReceiver implements PluginMessageListener {
|
|||||||
20L
|
20L
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
plugin.getLogger().warning("Could not find player to teleport to destination");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
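Review bot: The new `else` branch logs "Could not find player to teleport to destination" without naming the player or destination requested, so an operator cannot tell a logout race from an unexpected message on the channel; `plugin.getLogger().warning("Could not find player " + bungeeUUID + " to teleport to destination " + targetDestination);` would make the entry usable. The handler still selects the player from the UUID carried in the payload; as defence in depth it could also require that UUID to equal the `Player` the listener callback was invoked for, though that parameter is outside the visible hunk. `UUID.fromString(in.readUTF())` throws `IllegalArgumentException` on a malformed string, and no handling for that is visible here. The enclosing method starts and ends outside these hunks.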
|
@ -489,14 +489,19 @@ public class Portal {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (portal.getDestiation() != null) {
|
if (portal.getDestiation() != null) {
|
||||||
ByteArrayDataOutput outForList = ByteStreams.newDataOutput();
|
if(plugin.registeredBungeeChannels) {
|
||||||
outForList.writeUTF(BungeeMessages.ENTER_PORTAL);
|
ByteArrayDataOutput outForList = ByteStreams.newDataOutput();
|
||||||
outForList.writeUTF(bungeeServer);
|
outForList.writeUTF(BungeeMessages.ENTER_PORTAL);
|
||||||
outForList.writeUTF(portal.getDestiation());
|
outForList.writeUTF(bungeeServer);
|
||||||
outForList.writeUTF(player.getUniqueId().toString());
|
outForList.writeUTF(portal.getDestiation());
|
||||||
outForList.writeUTF(player.getName());
|
outForList.writeUTF(player.getUniqueId().toString());
|
||||||
|
|
||||||
|
player.sendPluginMessage(plugin, plugin.channelName, outForList.toByteArray());
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
plugin.getLogger().log(Level.WARNING, "You do not have bungee setup correctly. Cross server destinations won't work.");
|
||||||
|
}
|
||||||
|
|
||||||
player.sendPluginMessage(plugin, plugin.channelName, outForList.toByteArray());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ByteArrayDataOutput outForSend = ByteStreams.newDataOutput();
|
ByteArrayDataOutput outForSend = ByteStreams.newDataOutput();
|
||||||
@ -568,11 +573,17 @@ public class Portal {
|
|||||||
player.removeAttachment(permissionAttachment);
|
player.removeAttachment(permissionAttachment);
|
||||||
}
|
}
|
||||||
} else if (command.startsWith("%") && plugin.getSettings().enabledCommandLevel("b")) {
|
} else if (command.startsWith("%") && plugin.getSettings().enabledCommandLevel("b")) {
|
||||||
command = command.substring(1);
|
if(plugin.registeredBungeeChannels) {
|
||||||
ByteArrayDataOutput outForList = ByteStreams.newDataOutput();
|
command = command.substring(1);
|
||||||
outForList.writeUTF(BungeeMessages.BUNGEE_COMMAND);
|
ByteArrayDataOutput outForList = ByteStreams.newDataOutput();
|
||||||
outForList.writeUTF(command);
|
outForList.writeUTF(BungeeMessages.BUNGEE_COMMAND);
|
||||||
player.sendPluginMessage(plugin, plugin.channelName, outForList.toByteArray());
|
outForList.writeUTF(command);
|
||||||
|
player.sendPluginMessage(plugin, plugin.channelName, outForList.toByteArray());
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
plugin.getLogger().log(Level.WARNING, "You do not have bungee setup correctly. For security advanced bungee features won't work.");
|
||||||
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
player.chat("/" + command);
|
player.chat("/" + command);
|
||||||
// player.performCommand(command);
|
// player.performCommand(command);
|
||||||
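Review bot: When `plugin.registeredBungeeChannels` is false, both new `else` branches write a WARNING each time a player triggers a bungee portal or a `%` command, and the player gets no feedback; if this path runs on every portal activation, as it appears to, a misconfigured server could flood its console and bury other log lines. Consider warning once (for example behind a boolean flag) and sending the player a short message instead. The new branches also use `plugin.getLogger().log(Level.WARNING, ...)` and a detached `else`, while the rest of this commit uses `getLogger().warning(...)` and the surrounding code uses `} else {`; matching those would keep the file consistent. Both enclosing methods start and end outside the hunks.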
|
@ -21,7 +21,7 @@ public class EventListener implements Listener {
|
|||||||
String[] val = plugin.PlayerDestiMap.get(uuid);
|
String[] val = plugin.PlayerDestiMap.get(uuid);
|
||||||
|
|
||||||
// key: UUID (string)
|
// key: UUID (string)
|
||||||
// value: [0] targetServer, [1] targetDestination, [2] onlineUUID, [3] offlineUUID
|
// value: [0] targetServer, [1] targetDestination, [2] onlineUUID
|
||||||
|
|
||||||
if (event.getPlayer().getServer().getInfo().getName().equalsIgnoreCase(val[0])) {
|
if (event.getPlayer().getServer().getInfo().getName().equalsIgnoreCase(val[0])) {
|
||||||
|
|
||||||
@ -30,7 +30,6 @@ public class EventListener implements Listener {
|
|||||||
out.writeUTF(BungeeMessages.SERVER_DESTI);
|
out.writeUTF(BungeeMessages.SERVER_DESTI);
|
||||||
out.writeUTF(val[1]);
|
out.writeUTF(val[1]);
|
||||||
out.writeUTF(val[2]);
|
out.writeUTF(val[2]);
|
||||||
out.writeUTF(val[3]);
|
|
||||||
|
|
||||||
event.getPlayer().getServer().sendData(plugin.channelName, out.toByteArray());
|
event.getPlayer().getServer().sendData(plugin.channelName, out.toByteArray());
|
||||||
}
|
}
|
||||||
|
@ -21,7 +21,7 @@ public class PluginMessageReceiver implements Listener {
|
|||||||
|
|
||||||
@EventHandler
|
@EventHandler
|
||||||
public void onMessageReceived(PluginMessageEvent event) {
|
public void onMessageReceived(PluginMessageEvent event) {
|
||||||
if(!event.getTag().equalsIgnoreCase(plugin.channelName)) return;
|
if(!event.getTag().equalsIgnoreCase(plugin.channelName) || !(event.getSender() instanceof Server)) return;
|
||||||
|
|
||||||
ByteArrayDataInput in = ByteStreams.newDataInput(event.getData());
|
ByteArrayDataInput in = ByteStreams.newDataInput(event.getData());
|
||||||
String subChannel = in.readUTF();
|
String subChannel = in.readUTF();
|
||||||
@ -30,33 +30,11 @@ public class PluginMessageReceiver implements Listener {
|
|||||||
String targetServer = in.readUTF();
|
String targetServer = in.readUTF();
|
||||||
String targetDestination = in.readUTF();
|
String targetDestination = in.readUTF();
|
||||||
String targetUUID = in.readUTF();
|
String targetUUID = in.readUTF();
|
||||||
String targetName = in.readUTF();
|
|
||||||
|
|
||||||
String bungeeUUID; // If the bungee is offline mode it will be an offline uuid
|
plugin.PlayerDestiMap.put(targetUUID, new String[]{targetServer, targetDestination, targetUUID});
|
||||||
|
|
||||||
String offlineUUID = UUID.nameUUIDFromBytes(("OfflinePlayer:" + targetName).getBytes(Charsets.UTF_8)).toString();
|
|
||||||
|
|
||||||
if ( event.getReceiver() instanceof ProxiedPlayer )
|
|
||||||
{
|
|
||||||
ProxiedPlayer receiver = (ProxiedPlayer) event.getReceiver();
|
|
||||||
bungeeUUID = receiver.getUniqueId().toString();
|
|
||||||
if(!targetUUID.equals(bungeeUUID)) {
|
|
||||||
Server connection = (Server) event.getSender();
|
|
||||||
plugin.getLogger().warning(BungeeMessages.WARNING_MESSAGE
|
|
||||||
+ "\n\nThe server the player was sent from is the offending server.\n" +
|
|
||||||
"Server Name: " + connection.getInfo().getName());
|
|
||||||
}
|
|
||||||
targetUUID = bungeeUUID;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
plugin.getLogger().warning("There has been an issue getting the player for the teleport request.");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
plugin.PlayerDestiMap.put(targetUUID, new String[]{targetServer, targetDestination, targetUUID, offlineUUID});
|
|
||||||
|
|
||||||
String finalTargetUUID = targetUUID;
|
|
||||||
plugin.getProxy().getScheduler().schedule(plugin, () -> {
|
plugin.getProxy().getScheduler().schedule(plugin, () -> {
|
||||||
plugin.PlayerDestiMap.remove(finalTargetUUID);
|
plugin.PlayerDestiMap.remove(targetUUID);
|
||||||
}, 20, TimeUnit.SECONDS);
|
}, 20, TimeUnit.SECONDS);
|
||||||
}
|
}
|
||||||
else if (subChannel.equalsIgnoreCase(BungeeMessages.BUNGEE_COMMAND)) {
|
else if (subChannel.equalsIgnoreCase(BungeeMessages.BUNGEE_COMMAND)) {
|
||||||
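Review bot: The added `!(event.getSender() instanceof Server)` test makes the handler return early for messages that did not come from a backend, but it does not cancel the event, and BungeeCord relays an uncancelled plugin message to the other side of the connection, so the backend receiver could still see a message on `mc:advancedportals` that the proxy chose to ignore. Splitting the guard keeps the channel proxy-internal: `if (!event.getTag().equalsIgnoreCase(plugin.channelName)) return;` then `event.setCancelled(true);` then `if (!(event.getSender() instanceof Server)) return;`. The hunk at -30,33 also drops the comparison of the payload's `targetUUID` with the UUID of the `ProxiedPlayer` from `event.getReceiver()`, so the map key is now whatever UUID the backend wrote; keeping that comparison and returning on a mismatch would retain the binding to the connection the message arrived on. `onMessageReceived` continues outside the visible hunks.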
|
@ -1,4 +1,4 @@
|
|||||||
main: com.sekwah.advancedportals.bungee.AdvancedPortalsPlugin
|
main: com.sekwah.advancedportals.bungee.AdvancedPortalsPlugin
|
||||||
name: AdvancedPortals
|
name: AdvancedPortals
|
||||||
version: 0.5.5
|
version: 0.5.6
|
||||||
author: sekwah41
|
author: sekwah41
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
main: com.sekwah.advancedportals.bukkit.AdvancedPortalsPlugin
|
main: com.sekwah.advancedportals.bukkit.AdvancedPortalsPlugin
|
||||||
name: AdvancedPortals
|
name: AdvancedPortals
|
||||||
version: 0.5.5
|
version: 0.5.6
|
||||||
author: sekwah41
|
author: sekwah41
|
||||||
description: An advanced portals plugin for bukkit.
|
description: An advanced portals plugin for bukkit.
|
||||||
api-version: 1.13
|
api-version: 1.13
|
||||||
|