Any file could be downloaded as long as the webserver claimed they were
images. This can allow a compromised or malicious server to serve any
kind of data to the requesting server, including executable code.
The risk for this being exploited is very minimal, the downloaded files
can't be executed or used for anything malicious without either another
exploit or additional actions by a malicious, compromised or
non-suspecting user.
Nethertheless, this update adds an additional verification layer making
sure the downloaded file is a valid image file. It additionally stores
the image as PNG on disk, regardless of the filetype of the download,
stripping the file of potential "baggage" as you might find in polyglot
files.
As a general rule of thumb you should
* always use a secure connection to download files (https)
* only give trusted and properly secured users access to the download
functionality
* only download from trusted sites
* preferably upload the images manually
* made item used to toggle fixed/visible configurable
* fix interaction with toggle item when permission is lacking
* fix exception thrown when maps.yml doesn't exist
- supports 1.13 and up
- support bottom/top side placement for 1.14+
- support for fixed/invisible property in 1.16+
- complete UX rework
- better command structure
- more colors
- better documentation
- removed fastsend, since it's obsolete in modern version
- GitHub Actions Continuous Integration
Huge shoutout to BaronyCraft for contributing these features!
- Prevent users from escaping the /images folder
- allow reloading images from console
- cancel placement by right clicking air (requires item in hand)
- allow downloading images from the web to the /images folder
-- /imagemap <fileName> download <URL>
-- requires imagemap.download permission
- /imagemap <fileName> info command to get dimensions of image
- display space requirements before placement
- added scale parameter
-- /imagemap <fileName> scale <tilesX> <tilesY>
-- scales to fit in given constraints, but keeps aspect ratio
Adjusted BaronyCraft's code for a release
- check for RIGHT_CLICK_AIR event to cancel selection (requires item in
hand)
- changed some messages a bit
- formatted the code to be more in line with my style