Shift string safely into Log class, finish hack substitution string

Mike Primm 2021-12-24 00:08:52 -06:00
parent 9e602f50d6
commit bd4a34e2ae
18 changed files with 59 additions and 10 deletions


@ -49,8 +49,6 @@ public class JsonFileClientUpdateComponent extends ClientUpdateComponent {
private MapStorage storage;
private File baseStandaloneDir;
private String safeString(String s) { return s.replaceAll("\\$", "_"); }
private static class FileToWrite {
String filename;
byte[] content;
@ -422,17 +420,17 @@ public class JsonFileClientUpdateComponent extends ClientUpdateComponent {
isip = false;
if(checkuserban) {
if(core.getServer().isPlayerBanned(name)) {
Log.info("Ignore message from '" + ip + "' - banned player (" + safeString(name) + ")");
Log.info("Ignore message from '" + ip + "' - banned player (" + name + ")");
ok = false;
}
}
if(chat_perms && !core.getServer().checkPlayerPermission(name, "webchat")) {
Log.info("Rejected web chat from " + ip + ": not permitted (" + safeString(name) + ")");
Log.info("Rejected web chat from " + ip + ": not permitted (" + name + ")");
ok = false;
}
}
else if(requireplayerloginip) {
Log.info("Ignore message from '" + safeString(name) + "' - no matching player login recorded");
Log.info("Ignore message from '" + name + "' - no matching player login recorded");
ok = false;
}
}
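Review bot: The three `Log.info` calls in this section now pass `name` and `ip` into the message unfiltered and rely on `Log.safeString`, which (per the Log section of this commit) replaces only `$`, `{` and `}`. Carriage returns and line feeds are still written as-is, so if `name` comes from the web chat payload (its origin is not visible in this hunk) a crafted value could make one entry look like several in the server log. Consider neutralising line breaks in the central filter as well, for example by widening the character class to `"[\\${}\\r\\n]"`. The same applies to `userID` and `message.name` in the SendMessageServlet section; the enclosing method here starts and ends outside the hunk.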


@ -10,6 +10,9 @@ public class Log {
private static String prefix = "";
private static DynmapLogger dlog = null;
public static boolean verbose = false;
public static String safeString(String s) { return s.replaceAll("[\\${}]", "_"); }
public static void setLogger(Logger logger, String pre) {
log = logger;
if((pre != null) && (pre.length() > 0))
@ -24,6 +27,7 @@ public class Log {
log.setParent(parent);
}
public static void info(String msg) {
msg = safeString(msg);
if (dlog != null) {
dlog.info(msg);
}
@ -33,6 +37,7 @@ public class Log {
}
public static void verboseinfo(String msg) {
if(verbose) {
msg = safeString(msg);
if (dlog != null) {
dlog.info(msg);
}
@ -50,6 +55,7 @@ public class Log {
}
}
public static void severe(String msg) {
msg = safeString(msg);
if (dlog != null) {
dlog.severe(msg);
}
@ -58,6 +64,7 @@ public class Log {
}
}
public static void severe(String msg, Throwable e) {
msg = safeString(msg);
if (dlog != null) {
dlog.severe(msg, e);
}
@ -66,6 +73,7 @@ public class Log {
}
}
public static void warning(String msg) {
msg = safeString(msg);
if (dlog != null) {
dlog.warning(msg);
}
@ -74,6 +82,7 @@ public class Log {
}
}
public static void warning(String msg, Throwable e) {
msg = safeString(msg);
if (dlog != null) {
dlog.warning(msg, e);
}
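Review bot: `safeString` calls `s.replaceAll` with no null check, so any `Log.info`/`verboseinfo`/`severe`/`warning` call with a null message now throws a NullPointerException before the logger is reached; a guard such as `if (s == null) return null;` would keep the earlier tolerance (assuming the backends accepted null, which is not shown). Only `msg` is filtered: in `severe(String, Throwable)` and `warning(String, Throwable)` the throwable is handed to `dlog` unchanged, so any request-derived text in an exception message bypasses this filter, and it is worth confirming how the backend renders it. `String.replaceAll` also recompiles the pattern on every log call, which a `private static final Pattern` would avoid. Character filtering additionally rewrites legitimate `$`, `{` and `}` in every log line, so it is best treated as a stop-gap alongside a patched logging library; the method bodies continue outside these hunks.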


@ -45,6 +45,7 @@ public class SimpleWebChatComponent extends Component {
@Override
public void chatEvent(DynmapPlayer p, String msg) {
if(core.disable_chat_to_web) return;
msg = core.scanAndReplaceLog4JMacro(msg);
if(core.mapManager != null)
core.mapManager.pushUpdate(new Client.ChatMessage("player", "", p.getDisplayName(), msg, p.getName()));
}
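Review bot: Only `msg` is passed through `core.scanAndReplaceLog4JMacro`; `p.getDisplayName()` and `p.getName()` go into `Client.ChatMessage` untouched on the `pushUpdate` line. If display names can be set by players (for example through a nickname plugin, which is not visible here), the same substitution should cover them, e.g. `core.scanAndReplaceLog4JMacro(p.getDisplayName())`. `scanAndReplaceLog4JMacro` is defined outside this page, so whether it tolerates a null `msg` cannot be confirmed from this hunk and should be checked.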


@ -52,7 +52,6 @@ public class SendMessageServlet extends HttpServlet {
public DynmapCore core;
public HashSet<String> proxyaddress = new HashSet<String>();
private String safeString(String s) { return s.replaceAll("\\$", "_"); }
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
byte[] bytes;
@ -66,7 +65,7 @@ public class SendMessageServlet extends HttpServlet {
}
else if(chat_requires_login && (!userID.equals(LoginServlet.USERID_GUEST)) && chat_perms &&
(!core.checkPermission(userID, "webchat"))) {
Log.info("Rejected web chat by " + safeString(userID) + ": not permitted");
Log.info("Rejected web chat by " + userID + ": not permitted");
error = "not-permitted";
}
else {
@ -119,20 +118,20 @@ public class SendMessageServlet extends HttpServlet {
String id = ids.get(0);
if (check_user_ban) {
if (core.getServer().isPlayerBanned(id)) {
Log.info("Ignore message from '" + safeString(message.name) + "' - banned player (" + id + ")");
Log.info("Ignore message from '" + message.name + "' - banned player (" + id + ")");
error = "not-allowed";
ok = false;
}
}
if (chat_perms && !core.getServer().checkPlayerPermission(id, "webchat")) {
Log.info("Rejected web chat from '" + safeString(message.name) + "': not permitted (" + id + ")");
Log.info("Rejected web chat from '" + message.name + "': not permitted (" + id + ")");
error = "not-allowed";
ok = false;
}
message.name = id;
isip = false;
} else if (require_player_login_ip) {
Log.info("Ignore message from '" + safeString(message.name) + "' - no matching player login recorded");
Log.info("Ignore message from '" + message.name + "' - no matching player login recorded");
error = "not-allowed";
ok = false;
}


@ -459,3 +459,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"
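Review bot: `hackAttemptBlurb` is camelCase while the other keys visible in these configuration files are kebab-case (`dump-missing-blocks`, `migrate-chunks`); a key such as `hack-attempt-blurb` would match the file's convention, with the matching change in the code that reads it. The comment says the string is substituted in web chat, but the SimpleWebChatComponent section applies the replacement to player chat that is pushed to the web client, so the comment could read `# Log4J defense: text substituted for Log4J lookup patterns found in chat relayed to or from the web`. The same two points apply to the other thirteen configuration sections in this commit.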


@ -459,3 +459,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"


@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"


@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"


@ -465,3 +465,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"


@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"


@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"


@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"


@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"


@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"


@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"


@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"


@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data
dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"


@ -501,3 +501,6 @@ dump-missing-blocks: false
# your worlds before running with this setting enabled (set to true)
#
#migrate-chunks: true
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"