Merge pull request #196 from mikeprimm/master

Fix player position security problems
This commit is contained in:
mikeprimm 2011-06-02 22:46:29 -07:00
commit 684376889e
4 changed files with 49 additions and 7 deletions

View File

@ -5,11 +5,13 @@ components:
- class: org.dynmap.InternalClientUpdateComponent
sendhealth: true
sendposition: true
allowwebchat: true
webchat-interval: 5
#- class: org.dynmap.JsonFileClientUpdateComponent
# writeinterval: 1
# sendhealth: true
# sendposition: true
# allowwebchat: false
- class: org.dynmap.SimpleWebChatComponent
@ -130,6 +132,8 @@ templates:
# To render a world as a "night view", set shadowstrength and ambientlight
# shadowstrength: 1.0
# ambientlight: 4
# To render both night and day versions of tiles (when ambientlight is set), set true
# night-and-day: true
# Option to turn on transparency support (off by default) - slows render
# transparency: true
- class: org.dynmap.kzedmap.KzedMap
@ -218,6 +222,8 @@ worlds:
# # To render a world as a "night view", set shadowstrength and ambientlight
# # shadowstrength: 1.0
# # ambientlight: 4
# # To render both night and day versions of tiles (when ambientlight is set), set true
# # night-and-day: true
# # Option to turn on transparency support (off by default) - slows render
# # transparency: true
# - class: org.dynmap.kzedmap.KzedMap

View File

@ -40,14 +40,29 @@ public class ClientUpdateComponent extends Component {
s(jp, "type", "player");
s(jp, "name", ChatColor.stripColor(p.getDisplayName()));
s(jp, "account", p.getName());
/* Don't leak player location for world not visible on maps, or if sendposition disbaled */
boolean player_visible = MapManager.mapman.worldsLookup.containsKey(p.getWorld().getName());
if(configuration.getBoolean("sendpositon", true) && player_visible) {
s(jp, "world", p.getWorld().getName());
s(jp, "x", pl.getX());
s(jp, "y", pl.getY());
s(jp, "z", pl.getZ());
if (configuration.getBoolean("sendhealth", false)) {
}
else {
s(jp, "world", "-some-other-bogus-world-");
s(jp, "x", 0.0);
s(jp, "y", 64.0);
s(jp, "z", 0.0);
}
/* Only send health if enabled AND we're on visible world */
if (configuration.getBoolean("sendhealth", false) && player_visible) {
s(jp, "health", p.getHealth());
s(jp, "armor", Armor.getArmorPoints(p));
}
else {
s(jp, "health", 0);
s(jp, "armor", 0);
}
a(u, "players", jp);
}

View File

@ -7,6 +7,7 @@ var maptypes = {};
componentconstructors['testcomponent'] = function(dynmap, configuration) {
console.log('initialize');
$(dynmap).bind('worldchanged', function() { console.log('worldchanged'); });
$(dynmap).bind('mapchanging', function() { console.log('mapchanging'); });
$(dynmap).bind('mapchanged', function() { console.log('mapchanged'); });
$(dynmap).bind('zoomchanged', function() { console.log('zoomchanged'); });
$(dynmap).bind('worldupdating', function() { console.log('worldupdating'); });
@ -327,6 +328,7 @@ DynMap.prototype = {
if (me.maptype === map) {
return;
}
$(me).trigger('mapchanging');
if (me.maptype) {
$('.compass').removeClass('compass_' + me.maptype.name);
}
@ -443,7 +445,7 @@ DynMap.prototype = {
me.map.setMapTypeId('none');
window.setTimeout(function() {
me.map.setMapTypeId(mtid);
}, 1);
}, 0.1);
}
}

View File

@ -58,8 +58,8 @@ componentconstructors['playermarkers'] = function(dynmap, configuration) {
$(dynmap).bind('playerupdated', function(event, player) {
// Update the marker.
var markerPosition = dynmap.map.getProjection().fromWorldToLatLng(player.location.x, player.location.y, player.location.z);
player.marker.toggle(dynmap.world === player.location.world);
player.marker.setPosition(markerPosition);
player.marker.toggle(dynmap.world === player.location.world);
// Update health
if (configuration.showplayerhealth) {
if (player.health !== undefined && player.armor !== undefined) {
@ -71,4 +71,23 @@ componentconstructors['playermarkers'] = function(dynmap, configuration) {
}
}
});
// Remove marker on start of map change
$(dynmap).bind('mapchanging', function(event) {
var name;
for(name in dynmap.players) {
var player = dynmap.players[name];
// Turn off marker - let update turn it back on
player.marker.toggle(false);
}
});
// Remove marker on map change - let update place it again
$(dynmap).bind('mapchanged', function(event) {
var name;
for(name in dynmap.players) {
var player = dynmap.players[name];
var markerPosition = dynmap.map.getProjection().fromWorldToLatLng(player.location.x, player.location.y, player.location.z);
player.marker.setPosition(markerPosition);
player.marker.toggle(dynmap.world === player.location.world);
}
});
};