Upstream/dynmap
1
0
Fork 0
mirror of https://github.com/webbukkit/dynmap.git synced 2024-11-23 18:55:14 +01:00
Code Issues Projects Releases Wiki Activity

Shift string safely into Log class, finish hack substitution string

Browse Source
This commit is contained in:
Mike Primm 2021-12-24 00:08:52 -06:00
parent 9e602f50d6
commit bd4a34e2ae
18 changed files with 59 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
DynmapCore/src/main/java/org/dynmap/JsonFileClientUpdateComponent.java
View File

@ -49,8 +49,6 @@ public class JsonFileClientUpdateComponent extends ClientUpdateComponent {
private MapStorage storage; private MapStorage storage;
private File baseStandaloneDir; private File baseStandaloneDir;
private String safeString(String s) { return s.replaceAll("\\$", "_"); }
private static class FileToWrite { private static class FileToWrite {
String filename; String filename;
byte[] content; byte[] content;
@ -422,17 +420,17 @@ public class JsonFileClientUpdateComponent extends ClientUpdateComponent {
isip = false; isip = false;
if(checkuserban) { if(checkuserban) {
if(core.getServer().isPlayerBanned(name)) { if(core.getServer().isPlayerBanned(name)) {
Log.info("Ignore message from '" + ip + "' - banned player (" + safeString(name) + ")"); Log.info("Ignore message from '" + ip + "' - banned player (" + name + ")");
ok = false; ok = false;
} }
} }
if(chat_perms && !core.getServer().checkPlayerPermission(name, "webchat")) { if(chat_perms && !core.getServer().checkPlayerPermission(name, "webchat")) {
Log.info("Rejected web chat from " + ip + ": not permitted (" + safeString(name) + ")"); Log.info("Rejected web chat from " + ip + ": not permitted (" + name + ")");
ok = false; ok = false;
} }
} }
else if(requireplayerloginip) { else if(requireplayerloginip) {
Log.info("Ignore message from '" + safeString(name) + "' - no matching player login recorded"); Log.info("Ignore message from '" + name + "' - no matching player login recorded");
ok = false; ok = false;
} }
} }

9
DynmapCore/src/main/java/org/dynmap/Log.java
View File

@ -10,6 +10,9 @@ public class Log {
private static String prefix = ""; private static String prefix = "";
private static DynmapLogger dlog = null; private static DynmapLogger dlog = null;
public static boolean verbose = false; public static boolean verbose = false;
public static String safeString(String s) { return s.replaceAll("[\\${}]", "_"); }
public static void setLogger(Logger logger, String pre) { public static void setLogger(Logger logger, String pre) {
log = logger; log = logger;
if((pre != null) && (pre.length() > 0)) if((pre != null) && (pre.length() > 0))
@ -24,6 +27,7 @@ public class Log {
log.setParent(parent); log.setParent(parent);
} }
public static void info(String msg) { public static void info(String msg) {
msg = safeString(msg);
if (dlog != null) { if (dlog != null) {
dlog.info(msg); dlog.info(msg);
} }
@ -33,6 +37,7 @@ public class Log {
} }
public static void verboseinfo(String msg) { public static void verboseinfo(String msg) {
if(verbose) { if(verbose) {
msg = safeString(msg);
if (dlog != null) { if (dlog != null) {
dlog.info(msg); dlog.info(msg);
} }
@ -50,6 +55,7 @@ public class Log {
} }
} }
public static void severe(String msg) { public static void severe(String msg) {
msg = safeString(msg);
if (dlog != null) { if (dlog != null) {
dlog.severe(msg); dlog.severe(msg);
} }
@ -58,6 +64,7 @@ public class Log {
} }
} }
public static void severe(String msg, Throwable e) { public static void severe(String msg, Throwable e) {
msg = safeString(msg);
if (dlog != null) { if (dlog != null) {
dlog.severe(msg, e); dlog.severe(msg, e);
} }
@ -66,6 +73,7 @@ public class Log {
} }
} }
public static void warning(String msg) { public static void warning(String msg) {
msg = safeString(msg);
if (dlog != null) { if (dlog != null) {
dlog.warning(msg); dlog.warning(msg);
} }
@ -74,6 +82,7 @@ public class Log {
} }
} }
public static void warning(String msg, Throwable e) { public static void warning(String msg, Throwable e) {
msg = safeString(msg);
if (dlog != null) { if (dlog != null) {
dlog.warning(msg, e); dlog.warning(msg, e);
} }

1
DynmapCore/src/main/java/org/dynmap/SimpleWebChatComponent.java
View File

@ -45,6 +45,7 @@ public class SimpleWebChatComponent extends Component {
@Override @Override
public void chatEvent(DynmapPlayer p, String msg) { public void chatEvent(DynmapPlayer p, String msg) {
if(core.disable_chat_to_web) return; if(core.disable_chat_to_web) return;
msg = core.scanAndReplaceLog4JMacro(msg);
if(core.mapManager != null) if(core.mapManager != null)
core.mapManager.pushUpdate(new Client.ChatMessage("player", "", p.getDisplayName(), msg, p.getName())); core.mapManager.pushUpdate(new Client.ChatMessage("player", "", p.getDisplayName(), msg, p.getName()));
} }

9
DynmapCore/src/main/java/org/dynmap/servlet/SendMessageServlet.java
View File

@ -52,7 +52,6 @@ public class SendMessageServlet extends HttpServlet {
public DynmapCore core; public DynmapCore core;
public HashSet<String> proxyaddress = new HashSet<String>(); public HashSet<String> proxyaddress = new HashSet<String>();
private String safeString(String s) { return s.replaceAll("\\$", "_"); }
@Override @Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
byte[] bytes; byte[] bytes;
@ -66,7 +65,7 @@ public class SendMessageServlet extends HttpServlet {
} }
else if(chat_requires_login && (!userID.equals(LoginServlet.USERID_GUEST)) && chat_perms && else if(chat_requires_login && (!userID.equals(LoginServlet.USERID_GUEST)) && chat_perms &&
(!core.checkPermission(userID, "webchat"))) { (!core.checkPermission(userID, "webchat"))) {
Log.info("Rejected web chat by " + safeString(userID) + ": not permitted"); Log.info("Rejected web chat by " + userID + ": not permitted");
error = "not-permitted"; error = "not-permitted";
} }
else { else {
@ -119,20 +118,20 @@ public class SendMessageServlet extends HttpServlet {
String id = ids.get(0); String id = ids.get(0);
if (check_user_ban) { if (check_user_ban) {
if (core.getServer().isPlayerBanned(id)) { if (core.getServer().isPlayerBanned(id)) {
Log.info("Ignore message from '" + safeString(message.name) + "' - banned player (" + id + ")"); Log.info("Ignore message from '" + message.name + "' - banned player (" + id + ")");
error = "not-allowed"; error = "not-allowed";
ok = false; ok = false;
} }
} }
if (chat_perms && !core.getServer().checkPlayerPermission(id, "webchat")) { if (chat_perms && !core.getServer().checkPlayerPermission(id, "webchat")) {
Log.info("Rejected web chat from '" + safeString(message.name) + "': not permitted (" + id + ")"); Log.info("Rejected web chat from '" + message.name + "': not permitted (" + id + ")");
error = "not-allowed"; error = "not-allowed";
ok = false; ok = false;
} }
message.name = id; message.name = id;
isip = false; isip = false;
} else if (require_player_login_ip) { } else if (require_player_login_ip) {
Log.info("Ignore message from '" + safeString(message.name) + "' - no matching player login recorded"); Log.info("Ignore message from '" + message.name + "' - no matching player login recorded");
error = "not-allowed"; error = "not-allowed";
ok = false; ok = false;
} }

3
fabric-1.14.4/src/main/resources/configuration.txt
View File

@ -459,3 +459,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
fabric-1.15.2/src/main/resources/configuration.txt
View File

@ -459,3 +459,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
fabric-1.16.4/src/main/resources/configuration.txt
View File

@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
fabric-1.17.1/src/main/resources/configuration.txt
View File

@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
fabric-1.18/src/main/resources/configuration.txt
View File

@ -465,3 +465,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
forge-1.11.2/src/main/resources/configuration.txt
View File

@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
forge-1.12.2/src/main/resources/configuration.txt
View File

@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
forge-1.13.2/src/main/resources/configuration.txt
View File

@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
forge-1.14.4/src/main/resources/configuration.txt
View File

@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
forge-1.15.2/src/main/resources/configuration.txt
View File

@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
forge-1.16.5/src/main/resources/configuration.txt
View File

@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
forge-1.17.1/src/main/resources/configuration.txt
View File

@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
forge-1.18/src/main/resources/configuration.txt
View File

@ -467,3 +467,6 @@ verbose: false
# - class: org.dynmap.debug.LogDebugger # - class: org.dynmap.debug.LogDebugger
# Debug: dump blocks missing render data # Debug: dump blocks missing render data
dump-missing-blocks: false dump-missing-blocks: false
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"

3
spigot/src/main/resources/configuration.txt
View File

@ -501,3 +501,6 @@ dump-missing-blocks: false
# your worlds before running with this setting enabled (set to true) # your worlds before running with this setting enabled (set to true)
# #
#migrate-chunks: true #migrate-chunks: true
# Log4J defense: string substituted for attempts to use macros in web chat
hackAttemptBlurb: "(IaM5uchA1337Haxr-Ban Me!)"