Upstream/Essentials
1
0
Fork 0
mirror of https://github.com/EssentialsX/Essentials.git synced 2024-11-06 02:51:32 +01:00
Code Issues Projects Releases Wiki Activity

Fix Essentials Signs abuse using colours. Prior to this commit, the sign creation stage could be bypassed by typing &1&1[Test] assuming that was the success-name of the Essentials Sign. This commit prevents this by checking if the top line contains any of the success-name, without color. And so if anyone tries to type &1[repair] it will be displayed as [repair], but if someone tried &1[repairs] it will be displayed as §1[repairs], as repairs is not an Essentials Sign. It might be worth noting that all signs are checked including disabled signs to prevent abuse ahead of time. So even if [repair] is disabled all colours will still be stripped from [repair].

Browse Source
This commit is contained in:
Ali Moghnieh 2016-01-02 11:51:11 +00:00
parent ab490cd588
commit 134fbdf1df
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Essentials/src/com/earth2me/essentials/signs/SignBlockListener.java
View File

@ -84,12 +84,19 @@ public class SignBlockListener implements Listener {
event.setLine(i, FormatUtil.formatString(user, "essentials.signs", event.getLine(i)));
}
final String topLine = event.getLine(0);
final String lColorlessTopLine = ChatColor.stripColor(event.getLine(0)).toLowerCase().trim();
if (lColorlessTopLine.isEmpty()) {
return;
}
//We loop through all sign types here to prevent clashes with preexisting signs later
for (Signs signs : Signs.values()) {
final EssentialsSign sign = signs.getSign();
if (topLine.endsWith(sign.getSuccessName()) && ChatColor.stripColor(topLine).equalsIgnoreCase(ChatColor.stripColor(sign.getSuccessName()))) {
event.setLine(0, ChatColor.stripColor(topLine));
// If the top line contains any of the success name (excluding colors), just remove all colours from the first line.
// This is to ensure we are only modifying possible Essentials Sign and not just removing colors from the first line of all signs.
// Top line and sign#getSuccessName() are both lowercased since contains is case-sensitive.
String lSuccessName = ChatColor.stripColor(sign.getSuccessName().toLowerCase());
if (lColorlessTopLine.contains(lSuccessName)) {
event.setLine(0, lColorlessTopLine);
}
}
}