mirror of
https://github.com/plan-player-analytics/Plan.git
synced 2024-10-22 12:30:08 +02:00
Check permissions when performing tab completion
- Fixes advisory GHSA-cchm-2r9h-xvhv
This commit is contained in:
parent
365ea2d333
commit
ad98e28e4c
@ -140,13 +140,21 @@ public class PlanCommand {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public List<String> serverNames(CMDSender sender, @Untrusted Arguments arguments) {
|
public List<String> serverNames(CMDSender sender, @Untrusted Arguments arguments) {
|
||||||
@Untrusted String asString = arguments.concatenate(" ");
|
if (sender.hasPermission(Permissions.SERVER)) {
|
||||||
return tabCompleteCache.getMatchingServerIdentifiers(asString);
|
@Untrusted String asString = arguments.concatenate(" ");
|
||||||
|
return tabCompleteCache.getMatchingServerIdentifiers(asString);
|
||||||
|
}
|
||||||
|
return List.of();
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<String> playerNames(CMDSender sender, @Untrusted Arguments arguments) {
|
private List<String> playerNames(CMDSender sender, @Untrusted Arguments arguments) {
|
||||||
@Untrusted String asString = arguments.concatenate(" ");
|
if (sender.hasPermission(Permissions.PLAYER_OTHER)) {
|
||||||
return tabCompleteCache.getMatchingPlayerIdentifiers(asString);
|
@Untrusted String asString = arguments.concatenate(" ");
|
||||||
|
return tabCompleteCache.getMatchingPlayerIdentifiers(asString);
|
||||||
|
} else if (sender.hasPermission(Permissions.PLAYER_SELF)) {
|
||||||
|
return sender.getPlayerName().map(List::of).orElse(List.of());
|
||||||
|
}
|
||||||
|
return List.of();
|
||||||
}
|
}
|
||||||
|
|
||||||
private Subcommand serverCommand() {
|
private Subcommand serverCommand() {
|
||||||
@ -403,6 +411,9 @@ public class PlanCommand {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private List<String> getBackupFilenames(CMDSender sender, @Untrusted Arguments arguments) {
|
private List<String> getBackupFilenames(CMDSender sender, @Untrusted Arguments arguments) {
|
||||||
|
if (!sender.hasPermission(Permissions.DATA_RESTORE)) {
|
||||||
|
return List.of();
|
||||||
|
}
|
||||||
if (arguments.get(1).isPresent()) {
|
if (arguments.get(1).isPresent()) {
|
||||||
return DBType.names();
|
return DBType.names();
|
||||||
}
|
}
|
||||||
@ -531,6 +542,9 @@ public class PlanCommand {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private List<String> webGroupTabComplete(CMDSender sender, @Untrusted Arguments arguments) {
|
private List<String> webGroupTabComplete(CMDSender sender, @Untrusted Arguments arguments) {
|
||||||
|
if (!sender.hasPermission(Permissions.SET_GROUP)) {
|
||||||
|
return List.of();
|
||||||
|
}
|
||||||
Optional<String> groupArgument = arguments.get(1);
|
Optional<String> groupArgument = arguments.get(1);
|
||||||
if (groupArgument.isPresent()) {
|
if (groupArgument.isPresent()) {
|
||||||
return tabCompleteCache.getMatchingWebGroupNames(groupArgument.get());
|
return tabCompleteCache.getMatchingWebGroupNames(groupArgument.get());
|
||||||
|
Loading…
Reference in New Issue
Block a user