mirror of
https://github.com/plan-player-analytics/Plan.git
synced 2024-10-22 12:30:08 +02:00
Check permissions when performing tab completion
- Fixes advisory GHSA-cchm-2r9h-xvhv
This commit is contained in:
parent
365ea2d333
commit
ad98e28e4c
@ -140,13 +140,21 @@ public class PlanCommand {
|
||||
}
|
||||
|
||||
public List<String> serverNames(CMDSender sender, @Untrusted Arguments arguments) {
|
||||
if (sender.hasPermission(Permissions.SERVER)) {
|
||||
@Untrusted String asString = arguments.concatenate(" ");
|
||||
return tabCompleteCache.getMatchingServerIdentifiers(asString);
|
||||
}
|
||||
return List.of();
|
||||
}
|
||||
|
||||
private List<String> playerNames(CMDSender sender, @Untrusted Arguments arguments) {
|
||||
if (sender.hasPermission(Permissions.PLAYER_OTHER)) {
|
||||
@Untrusted String asString = arguments.concatenate(" ");
|
||||
return tabCompleteCache.getMatchingPlayerIdentifiers(asString);
|
||||
} else if (sender.hasPermission(Permissions.PLAYER_SELF)) {
|
||||
return sender.getPlayerName().map(List::of).orElse(List.of());
|
||||
}
|
||||
return List.of();
|
||||
}
|
||||
|
||||
private Subcommand serverCommand() {
|
||||
@ -403,6 +411,9 @@ public class PlanCommand {
|
||||
}
|
||||
|
||||
private List<String> getBackupFilenames(CMDSender sender, @Untrusted Arguments arguments) {
|
||||
if (!sender.hasPermission(Permissions.DATA_RESTORE)) {
|
||||
return List.of();
|
||||
}
|
||||
if (arguments.get(1).isPresent()) {
|
||||
return DBType.names();
|
||||
}
|
||||
@ -531,6 +542,9 @@ public class PlanCommand {
|
||||
}
|
||||
|
||||
private List<String> webGroupTabComplete(CMDSender sender, @Untrusted Arguments arguments) {
|
||||
if (!sender.hasPermission(Permissions.SET_GROUP)) {
|
||||
return List.of();
|
||||
}
|
||||
Optional<String> groupArgument = arguments.get(1);
|
||||
if (groupArgument.isPresent()) {
|
||||
return tabCompleteCache.getMatchingWebGroupNames(groupArgument.get());
|
||||
|
Loading…
Reference in New Issue
Block a user