Upstream/Plan
1
0
Fork 0
mirror of https://github.com/plan-player-analytics/Plan.git synced 2025-02-09 08:51:44 +01:00
Code Issues Projects Releases Wiki Activity

Prevent malicious join address packet from breaking session serialization

Browse Source
This commit is contained in:
Aurora Lahtela 2023-01-15 09:01:28 +02:00
parent 38785a9505
commit b0a1bc1fb1
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Plan/common/src/main/java/com/djrapitops/plan/gathering/domain/FinishedSession.java
View File

@ -196,8 +196,10 @@ public class FinishedSession implements DateHolder {
getExtraData(PlayerKills.class).orElseGet(PlayerKills::new).toJson() + ';' + getExtraData(PlayerKills.class).orElseGet(PlayerKills::new).toJson() + ';' +
getExtraData(MobKillCounter.class).orElseGet(MobKillCounter::new).toJson() + ';' + getExtraData(MobKillCounter.class).orElseGet(MobKillCounter::new).toJson() + ';' +
getExtraData(DeathCounter.class).orElseGet(DeathCounter::new).toJson() + ';' + getExtraData(DeathCounter.class).orElseGet(DeathCounter::new).toJson() + ';' +
// Join address contains @Untrusted data // Join address contains @Untrusted data so possible ; needs to be neutralized
getExtraData(JoinAddress.class).map(JoinAddress::getAddress).orElse(JoinAddressTable.DEFAULT_VALUE_FOR_LOOKUP) + ';' + getExtraData(JoinAddress.class).map(JoinAddress::getAddress)
.map(address -> address.replace(';', ':'))
.orElse(JoinAddressTable.DEFAULT_VALUE_FOR_LOOKUP) + ';' +
getExtraData(PlayerName.class).map(PlayerName::get).orElseGet(playerUUID::toString); getExtraData(PlayerName.class).map(PlayerName::get).orElseGet(playerUUID::toString);
} }