Upstream/Multiverse-Core
1
0
Fork 0
mirror of https://github.com/Multiverse/Multiverse-Core.git synced 2025-01-23 00:31:25 +01:00
Code Issues Projects Releases Wiki Activity

Fix creation and import Exploit (#2353)

Browse Source 
Through this fix you can avoid deleting of important folders.
This commit is contained in:
xSavior_of_God 2021-05-16 06:56:14 +02:00 committed by GitHub
parent 28cee291c6
commit f72cc6764b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/main/java/com/onarandombox/MultiverseCore/commands/CreateCommand.java
View File

@ -46,10 +46,15 @@ public class CreateCommand extends MultiverseCommand {
this.addCommandExample("/mv create " + ChatColor.GOLD + "moonworld" + ChatColor.GREEN + " normal" + ChatColor.DARK_AQUA + " -g BukkitFullOfMoon");
this.worldManager = this.plugin.getMVWorldManager();
}
private String trimWorldName(String userInput) {
// Removes relative paths.
return userInput.replaceAll("^[./\\\\]+", "");
}
@Override
public void runCommand(CommandSender sender, List<String> args) {
String worldName = args.get(0);
String worldName = trimWorldName(args.get(0));
File worldFile = new File(this.plugin.getServer().getWorldContainer(), worldName);
String env = args.get(1);
String seed = CommandHandler.getFlag("-s", args);
@ -66,7 +71,13 @@ public class CreateCommand extends MultiverseCommand {
useSpawnAdjust = false;
}
}
// Make sure the world name doesn't contain the words 'plugins' and '.dat'
if(worldName.contains("plugins")||worldName.contains(".dat")){
sender.sendMessage(ChatColor.RED + "Multiverse cannot create a world that contains 'plugins' or '.dat'");
return;
}
if (this.worldManager.isMVWorld(worldName)) {
sender.sendMessage(ChatColor.RED + "Multiverse cannot create " + ChatColor.GOLD + ChatColor.UNDERLINE
+ "another" + ChatColor.RESET + ChatColor.RED + " world named " + worldName);
@ -117,4 +128,4 @@ public class CreateCommand extends MultiverseCommand {
Command.broadcastCommandMessage(sender, "FAILED.");
}
}
}
}

8
src/main/java/com/onarandombox/MultiverseCore/commands/ImportCommand.java
View File

@ -81,6 +81,12 @@ public class ImportCommand extends MultiverseCommand {
this.showHelp(sender);
return;
}
// Make sure the world name doesn't contain the words 'plugins' and '.dat'
if(worldName.contains("plugins")||worldName.contains(".dat")){
sender.sendMessage(ChatColor.RED + "Multiverse cannot create a world that contains 'plugins' or '.dat'");
return;
}
// Make sure we don't already know about this world.
if (this.worldManager.isMVWorld(worldName)) {
@ -128,4 +134,4 @@ public class ImportCommand extends MultiverseCommand {
Command.broadcastCommandMessage(sender, ChatColor.RED + "Failed!");
}
}
}
}