Upstream/dynmap
1
0
Fork 0
mirror of https://github.com/webbukkit/dynmap.git synced 2024-09-18 17:11:02 +02:00
Code Issues Projects Releases Wiki Activity

Add requestion option to trust client-provided name in sendMessage for

Browse Source 
internal web server
This commit is contained in:
Mike Primm 2011-06-23 16:35:17 -05:00
parent 244419d686
commit c2ee0ebd42
4 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
configuration.txt
View File

@ -9,6 +9,7 @@ components:
allowwebchat: true
webchat-interval: 5
hidewebchatip: false
trustclientname: false
#- class: org.dynmap.JsonFileClientUpdateComponent
# writeinterval: 1
# sendhealth: true

2
src/main/java/org/dynmap/InternalClientUpdateComponent.java
View File

@ -12,6 +12,7 @@ public class InternalClientUpdateComponent extends ClientUpdateComponent {
super(plugin, configuration);
final Boolean allowwebchat = configuration.getBoolean("allowwebchat", false);
final Boolean hidewebchatip = configuration.getBoolean("hidewebchatip", false);
final Boolean trust_client_name = configuration.getBoolean("trustclientname", false);
final float webchatInterval = configuration.getFloat("webchat-interval", 1);
final String spammessage = plugin.configuration.getString("spammessage", "You may only chat once every %interval% seconds.");
@ -30,6 +31,7 @@ public class InternalClientUpdateComponent extends ClientUpdateComponent {
maximumMessageInterval = (int)(webchatInterval * 1000);
spamMessage = "\""+spammessage+"\"";
hideip = hidewebchatip;
this.trustclientname = trust_client_name;
onMessageReceived.addListener(new Listener<SendMessageHandler.Message>() {
@Override
public void triggered(Message t) {

3
src/main/java/org/dynmap/utils/FileLockManager.java
View File

@ -117,9 +117,8 @@ public class FileLockManager {
while(!done) {
try {
ImageIO.write(img, type, fname);
fname.setLastModified(System.currentTimeMillis());
done = true;
} catch (FileNotFoundException fnfx) { /* This seems to be what we get when file is locked by reader */
} catch (IOException fnfx) {
if(retrycnt < MAX_WRITE_RETRIES) {
Log.info("Image file " + fname.getPath() + " - unable to write - retry #" + retrycnt);
try { Thread.sleep(50 << retrycnt); } catch (InterruptedException ix) { throw fnfx; }

21
src/main/java/org/dynmap/web/handlers/SendMessageHandler.java
View File

@ -25,6 +25,7 @@ public class SendMessageHandler implements HttpHandler {
private Charset cs_utf8 = Charset.forName("UTF-8");
public int maximumMessageInterval = 1000;
public boolean hideip = false;
public boolean trustclientname = false;
public String spamMessage = "\"You may only chat once every %interval% seconds.\"";
private HashMap<String, WebUser> disallowedUsers = new HashMap<String, WebUser>();
private LinkedList<WebUser> disallowedUserQueue = new LinkedList<WebUser>();
@ -44,14 +45,20 @@ public class SendMessageHandler implements HttpHandler {
JSONObject o = (JSONObject)parser.parse(reader);
final Message message = new Message();
/* If proxied client address, get original */
if(request.fields.containsKey("X-Forwarded-For"))
message.name = request.fields.get("X-Forwarded-For");
/* If from loopback, we're probably getting from proxy - need to trust client */
else if(request.rmtaddr.getAddress().isLoopbackAddress())
if(trustclientname) {
message.name = String.valueOf(o.get("name"));
else
message.name = request.rmtaddr.getAddress().getHostAddress();
}
else {
/* If proxied client address, get original */
if(request.fields.containsKey("X-Forwarded-For"))
message.name = request.fields.get("X-Forwarded-For");
/* If from loopback, we're probably getting from proxy - need to trust client */
else if(request.rmtaddr.getAddress().isLoopbackAddress())
message.name = String.valueOf(o.get("name"));
else
message.name = request.rmtaddr.getAddress().getHostAddress();
}
if(hideip) { /* If hiding IP, find or assign alias */
synchronized(disallowedUsersLock) {
String n = useralias.get(message.name);