mirror of
https://github.com/PaperMC/Paper.git
synced 2024-12-24 18:07:39 +01:00
Fixed a minecraft exploit allowing anyone to pick their username
This commit is contained in:
parent
e8e74992cb
commit
e0d8c1d7ac
37
src/main/java/net/minecraft/server/ThreadLoginVerifier.java
Normal file
37
src/main/java/net/minecraft/server/ThreadLoginVerifier.java
Normal file
@ -0,0 +1,37 @@
|
||||
package net.minecraft.server;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.InputStreamReader;
|
||||
import java.net.URL;
|
||||
import java.net.URLEncoder;
|
||||
|
||||
class ThreadLoginVerifier extends Thread {
|
||||
|
||||
final Packet1Login a;
|
||||
|
||||
final NetLoginHandler b;
|
||||
|
||||
ThreadLoginVerifier(NetLoginHandler netloginhandler, Packet1Login packet1login) {
|
||||
this.b = netloginhandler;
|
||||
this.a = packet1login;
|
||||
}
|
||||
|
||||
public void run() {
|
||||
try {
|
||||
String s = NetLoginHandler.a(this.b);
|
||||
// Craftbukkit
|
||||
URL url = new URL("http://www.minecraft.net/game/checkserver.jsp?user=" + URLEncoder.encode(this.a.b, "UTF-8") + "&serverId=" + URLEncoder.encode(s, "UTF-8"));
|
||||
BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(url.openStream()));
|
||||
String s1 = bufferedreader.readLine();
|
||||
|
||||
bufferedreader.close();
|
||||
if (s1.equals("YES")) {
|
||||
NetLoginHandler.a(this.b, this.a);
|
||||
} else {
|
||||
this.b.a("Failed to verify username!");
|
||||
}
|
||||
} catch (Exception exception) {
|
||||
exception.printStackTrace();
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user