mirror of
https://github.com/sekwah41/Advanced-Portals.git
synced 2024-11-25 12:06:17 +01:00
fix!: disable proxy detection to avoid vulnerabilities (see full commit for more info)
If you are using 1.12 or lower you are unaffected as the features causing this issue were not implemented back then. Thanks to rooter.rs for notifying me of these issues as well as helping code and test a fix for this. Velocity was unaffected by this issue if you had the plugin on the proxy though due to the likelihood that may not be the case I have decided to disable this for everyone by default If you are on bungee you will 100% want to update to this version right away. For a full writeup by roote.rs see https://roote.rs/posts/advancedportals/
This commit is contained in:
parent
8fd11f85c4
commit
8f29d203e2
41
build.gradle
41
build.gradle
@ -17,6 +17,12 @@ import org.apache.http.impl.client.HttpClients
|
|||||||
import java.util.regex.Matcher
|
import java.util.regex.Matcher
|
||||||
import java.util.regex.Pattern
|
import java.util.regex.Pattern
|
||||||
|
|
||||||
|
import java.nio.file.Files
|
||||||
|
import java.nio.file.Paths
|
||||||
|
import java.nio.file.StandardCopyOption
|
||||||
|
import java.nio.file.StandardOpenOption
|
||||||
|
|
||||||
|
|
||||||
buildscript {
|
buildscript {
|
||||||
repositories {
|
repositories {
|
||||||
maven { url "https://plugins.gradle.org/m2/" }
|
maven { url "https://plugins.gradle.org/m2/" }
|
||||||
@ -298,24 +304,29 @@ task curseforge {
|
|||||||
// releaseType = 'release'
|
// releaseType = 'release'
|
||||||
}
|
}
|
||||||
|
|
||||||
task copyPlugin {
|
/**
|
||||||
|
* Will build then copy it to the minecraft server folder for use with the launch task and dev tools plugin
|
||||||
|
*/
|
||||||
|
tasks.register('copyPlugin') {
|
||||||
|
dependsOn(build)
|
||||||
doLast {
|
doLast {
|
||||||
copy {
|
copy {
|
||||||
if (System.env.MC_SERVER_LOC == null) {
|
def sourceFilePath = Paths.get("$buildDir/libs/Advanced-Portals-${getVersion()}.jar")
|
||||||
throw new Exception('You must set the server location and jar to use')
|
def destinationFilePath = Paths.get("$buildDir/MinecraftServer/plugins/Advanced-Portals.jar")
|
||||||
|
|
||||||
|
println "Handling file: $destinationFilePath"
|
||||||
|
|
||||||
|
byte[] newContent = Files.readAllBytes(sourceFilePath)
|
||||||
|
|
||||||
|
if (Files.exists(destinationFilePath)) {
|
||||||
|
println "File exists. Overwriting with new binary content."
|
||||||
|
|
||||||
|
Files.write(destinationFilePath, newContent, StandardOpenOption.TRUNCATE_EXISTING)
|
||||||
|
} else {
|
||||||
|
println "File does not exist. Copying from source."
|
||||||
|
|
||||||
|
Files.copy(sourceFilePath, destinationFilePath, StandardCopyOption.REPLACE_EXISTING)
|
||||||
}
|
}
|
||||||
println "$buildDir/libs/Advanced-Portals-${version}.jar"
|
|
||||||
println "${System.env.MC_SERVER_LOC}/plugins/Advanced-Portals-${version}.jar"
|
|
||||||
try {
|
|
||||||
delete fileTree("${System.env.MC_SERVER_LOC}/plugins/") {
|
|
||||||
include "*.jar"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (RuntimeException e) {
|
|
||||||
println e.getLocalizedMessage()
|
|
||||||
}
|
|
||||||
from file("$buildDir/libs/Advanced-Portals-${version}.jar")
|
|
||||||
into file("${System.env.MC_SERVER_LOC}/plugins/")
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -25,9 +25,7 @@ public class AdvancedPortalsPlugin extends JavaPlugin {
|
|||||||
|
|
||||||
private Settings settings;
|
private Settings settings;
|
||||||
|
|
||||||
protected boolean isProxyPluginEnabled = false;
|
protected boolean registerProxyChannels = false;
|
||||||
|
|
||||||
protected boolean forceRegisterProxyChannels = false;
|
|
||||||
protected boolean disableProxyWarning = false;
|
protected boolean disableProxyWarning = false;
|
||||||
|
|
||||||
private boolean worldEditActive = false;
|
private boolean worldEditActive = false;
|
||||||
@ -51,7 +49,7 @@ public class AdvancedPortalsPlugin extends JavaPlugin {
|
|||||||
config.saveConfig();
|
config.saveConfig();
|
||||||
|
|
||||||
FileConfiguration pluginConfig = config.getConfig();
|
FileConfiguration pluginConfig = config.getConfig();
|
||||||
forceRegisterProxyChannels = pluginConfig.getBoolean(ConfigHelper.FORCE_ENABLE_PROXY_SUPPORT, false);
|
registerProxyChannels = pluginConfig.getBoolean(ConfigHelper.ENABLE_PROXY_SUPPORT, false);
|
||||||
disableProxyWarning = pluginConfig.getBoolean(ConfigHelper.DISABLE_PROXY_WARNING, false);
|
disableProxyWarning = pluginConfig.getBoolean(ConfigHelper.DISABLE_PROXY_WARNING, false);
|
||||||
|
|
||||||
ConfigAccessor portalConfig = new ConfigAccessor(this, "portals.yml");
|
ConfigAccessor portalConfig = new ConfigAccessor(this, "portals.yml");
|
||||||
@ -118,15 +116,11 @@ public class AdvancedPortalsPlugin extends JavaPlugin {
|
|||||||
private void setupBungee() {
|
private void setupBungee() {
|
||||||
// Enables very basic bungee support if not setup right
|
// Enables very basic bungee support if not setup right
|
||||||
this.getServer().getMessenger().registerOutgoingPluginChannel(this, "BungeeCord");
|
this.getServer().getMessenger().registerOutgoingPluginChannel(this, "BungeeCord");
|
||||||
if(forceRegisterProxyChannels || this.checkIfBungee()) {
|
if(registerProxyChannels || this.checkIfBungee()) {
|
||||||
this.getServer().getMessenger().registerIncomingPluginChannel(this, "BungeeCord", new BungeeListener(this));
|
this.getServer().getMessenger().registerIncomingPluginChannel(this, "BungeeCord", new BungeeListener(this));
|
||||||
|
|
||||||
this.getServer().getMessenger().registerOutgoingPluginChannel(this, BungeeMessages.CHANNEL_NAME);
|
this.getServer().getMessenger().registerOutgoingPluginChannel(this, BungeeMessages.CHANNEL_NAME);
|
||||||
this.getServer().getMessenger().registerIncomingPluginChannel(this, BungeeMessages.CHANNEL_NAME, new PluginMessageReceiver(this));
|
this.getServer().getMessenger().registerIncomingPluginChannel(this, BungeeMessages.CHANNEL_NAME, new PluginMessageReceiver(this));
|
||||||
isProxyPluginEnabled = true;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
isProxyPluginEnabled = false;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -135,7 +129,7 @@ public class AdvancedPortalsPlugin extends JavaPlugin {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public boolean isProxyPluginEnabled() {
|
public boolean isProxyPluginEnabled() {
|
||||||
return isProxyPluginEnabled;
|
return registerProxyChannels;
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean checkIfBungee()
|
private boolean checkIfBungee()
|
||||||
|
@ -8,6 +8,7 @@ public class ConfigHelper {
|
|||||||
|
|
||||||
public static final String COMMAND_LOGS = "CommandLogs";
|
public static final String COMMAND_LOGS = "CommandLogs";
|
||||||
|
|
||||||
|
public static final String ENABLE_PROXY_SUPPORT = "EnableProxySupport";
|
||||||
public static final String FORCE_ENABLE_PROXY_SUPPORT = "ForceEnableProxySupport";
|
public static final String FORCE_ENABLE_PROXY_SUPPORT = "ForceEnableProxySupport";
|
||||||
public static final String DISABLE_PROXY_WARNING = "DisableProxyWarning";
|
public static final String DISABLE_PROXY_WARNING = "DisableProxyWarning";
|
||||||
|
|
||||||
@ -40,6 +41,11 @@ public class ConfigHelper {
|
|||||||
config.set(ConfigHelper.CONFIG_VERSION, "0.5.13");
|
config.set(ConfigHelper.CONFIG_VERSION, "0.5.13");
|
||||||
config.set(ConfigHelper.FORCE_ENABLE_PROXY_SUPPORT, false);
|
config.set(ConfigHelper.FORCE_ENABLE_PROXY_SUPPORT, false);
|
||||||
config.set(ConfigHelper.PROXY_TELEPORT_DELAY, 0);
|
config.set(ConfigHelper.PROXY_TELEPORT_DELAY, 0);
|
||||||
|
update();
|
||||||
|
} else if(configVersion.equals("0.5.13")) {
|
||||||
|
config.set(ConfigHelper.CONFIG_VERSION, "0.5.14");
|
||||||
|
config.set(ConfigHelper.FORCE_ENABLE_PROXY_SUPPORT, null);
|
||||||
|
config.set(ConfigHelper.ENABLE_PROXY_SUPPORT, config.getBoolean(ConfigHelper.FORCE_ENABLE_PROXY_SUPPORT));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -164,8 +164,6 @@ public class Destination {
|
|||||||
WarpEffects.activateSound(player);
|
WarpEffects.activateSound(player);
|
||||||
}
|
}
|
||||||
|
|
||||||
System.out.println(PORTAL_MESSAGE_DISPLAY);
|
|
||||||
|
|
||||||
if (PORTAL_MESSAGE_DISPLAY == 1) {
|
if (PORTAL_MESSAGE_DISPLAY == 1) {
|
||||||
player.sendMessage("");
|
player.sendMessage("");
|
||||||
player.sendMessage(PluginMessages.customPrefix + PluginMessages.getWarpMessage(dest));
|
player.sendMessage(PluginMessages.customPrefix + PluginMessages.getWarpMessage(dest));
|
||||||
|
@ -6,21 +6,29 @@ import com.sekwah.advancedportals.bukkit.AdvancedPortalsPlugin;
|
|||||||
import com.sekwah.advancedportals.bukkit.config.ConfigAccessor;
|
import com.sekwah.advancedportals.bukkit.config.ConfigAccessor;
|
||||||
import com.sekwah.advancedportals.bukkit.config.ConfigHelper;
|
import com.sekwah.advancedportals.bukkit.config.ConfigHelper;
|
||||||
import com.sekwah.advancedportals.bukkit.destinations.Destination;
|
import com.sekwah.advancedportals.bukkit.destinations.Destination;
|
||||||
|
import com.sekwah.advancedportals.bukkit.PluginMessages;
|
||||||
import com.sekwah.advancedportals.bungee.BungeeMessages;
|
import com.sekwah.advancedportals.bungee.BungeeMessages;
|
||||||
import org.bukkit.entity.Player;
|
import org.bukkit.entity.Player;
|
||||||
import org.bukkit.plugin.messaging.PluginMessageListener;
|
import org.bukkit.plugin.messaging.PluginMessageListener;
|
||||||
|
import org.bukkit.Bukkit;
|
||||||
|
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
public class PluginMessageReceiver implements PluginMessageListener {
|
public class PluginMessageReceiver implements PluginMessageListener {
|
||||||
|
|
||||||
|
public static final String ENABLE_MESSAGE = PluginMessages.customPrefixFail + "§c Warning! To avoid vulnerabilities we have disabled proxy messages by default. To enable full proxy features, please change §eEnableProxySupport §cin the config.yml and ensure you have the plugin installed on the proxy.";
|
||||||
|
public static final String WARNING_MESSAGE = PluginMessages.customPrefixFail + "§c Warning! A proxy message was received but proxy plugin support is not enabled. To enable it, please set §eEnableProxySupport §cto true and install the plugin on the proxy. If you do not remember having the proxy plugin, please ignore this message as it may be someone trying to attack your server.";
|
||||||
private final AdvancedPortalsPlugin plugin;
|
private final AdvancedPortalsPlugin plugin;
|
||||||
private final int teleportDelay;
|
private final int teleportDelay;
|
||||||
|
private boolean isNotifiedAboutEnabling = false;
|
||||||
|
|
||||||
public PluginMessageReceiver(AdvancedPortalsPlugin plugin) {
|
public PluginMessageReceiver(AdvancedPortalsPlugin plugin) {
|
||||||
this.plugin = plugin;
|
this.plugin = plugin;
|
||||||
ConfigAccessor config = new ConfigAccessor(plugin, "config.yml");
|
ConfigAccessor config = new ConfigAccessor(plugin, "config.yml");
|
||||||
teleportDelay = config.getConfig().getInt(ConfigHelper.PROXY_TELEPORT_DELAY, 0);
|
teleportDelay = config.getConfig().getInt(ConfigHelper.PROXY_TELEPORT_DELAY, 0);
|
||||||
|
if(!plugin.isProxyPluginEnabled()) {
|
||||||
|
Bukkit.getConsoleSender().sendMessage(ENABLE_MESSAGE);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -30,6 +38,19 @@ public class PluginMessageReceiver implements PluginMessageListener {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!plugin.isProxyPluginEnabled()) {
|
||||||
|
if(!isNotifiedAboutEnabling) {
|
||||||
|
for (Player p : Bukkit.getOnlinePlayers()) {
|
||||||
|
if (!p.isOp()) continue;
|
||||||
|
p.sendMessage(WARNING_MESSAGE);
|
||||||
|
}
|
||||||
|
Bukkit.getConsoleSender().sendMessage(WARNING_MESSAGE);
|
||||||
|
|
||||||
|
isNotifiedAboutEnabling = true;
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
ByteArrayDataInput in = ByteStreams.newDataInput(message);
|
ByteArrayDataInput in = ByteStreams.newDataInput(message);
|
||||||
String subchannel = in.readUTF();
|
String subchannel = in.readUTF();
|
||||||
|
|
||||||
@ -65,23 +86,4 @@ public class PluginMessageReceiver implements PluginMessageListener {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Example forward packet.
|
|
||||||
*
|
|
||||||
* Construct like the forge packets.
|
|
||||||
*
|
|
||||||
* out.writeUTF("Forward"); // So BungeeCord knows to forward it
|
|
||||||
out.writeUTF("ALL");
|
|
||||||
out.writeUTF("MyChannel"); // The channel name to check if this your data
|
|
||||||
|
|
||||||
ByteArrayOutputStream msgbytes = new ByteArrayOutputStream();
|
|
||||||
DataOutputStream msgout = new DataOutputStream(msgbytes);
|
|
||||||
msgout.writeUTF("Some kind of data here"); // You can do anything you want with msgout
|
|
||||||
msgout.writeShort(123);
|
|
||||||
|
|
||||||
out.writeShort(msgbytes.toByteArray().length);
|
|
||||||
out.write(msgbytes.toByteArray());
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
# To set this file back to its default state just delete it and reload the server or restart it!
|
# To set this file back to its default state just delete it and reload the server or restart it!
|
||||||
|
|
||||||
# Will update whenever there is a config update from an older version so may not be the latest plugin version
|
# Will update whenever there is a config update from an older version so may not be the latest plugin version
|
||||||
ConfigVersion: 0.5.13
|
ConfigVersion: 0.5.14
|
||||||
|
|
||||||
# Set to true if you want the normal axes to work normally but the ones given with /portals selector or wand will still work though
|
# Set to true if you want the normal axes to work normally but the ones given with /portals selector or wand will still work though
|
||||||
# It can be useful if people with permission want to use an iron axe on a survival server
|
# It can be useful if people with permission want to use an iron axe on a survival server
|
||||||
@ -76,8 +76,8 @@ CommandLevels: opcb
|
|||||||
# Should the commands being triggered log in the console? (If you have an active server it may cause a bit of spam)
|
# Should the commands being triggered log in the console? (If you have an active server it may cause a bit of spam)
|
||||||
CommandLogs: true
|
CommandLogs: true
|
||||||
|
|
||||||
# If you want to use bungee or velocity, and it is not automatically detected (make sure you have advanced portals on the proxy, especially with velocity)
|
# If you want to use bungee or velocity features
|
||||||
ForceEnableProxySupport: false
|
EnableProxySupport: false
|
||||||
|
|
||||||
# How many seconds after the proxy event fires should the player be teleported (should help with on spawn plugins and such)
|
# How many seconds after the proxy event fires should the player be teleported (should help with on spawn plugins and such)
|
||||||
# 0 is disabled and anything higher causes a delay.
|
# 0 is disabled and anything higher causes a delay.
|
||||||
|
Loading…
Reference in New Issue
Block a user