From c2ee0ebd42bda94a89cc9000369998c5c30f46ef Mon Sep 17 00:00:00 2001
From: Mike Primm <mike@primmhome.com>
Date: Thu, 23 Jun 2011 16:35:17 -0500
Subject: [PATCH] Add requestion option to trust client-provided name in
 sendMessage for internal web server

---
 configuration.txt                             |  1 +
 .../dynmap/InternalClientUpdateComponent.java |  2 ++
 .../org/dynmap/utils/FileLockManager.java     |  3 +--
 .../web/handlers/SendMessageHandler.java      | 21 ++++++++++++-------
 4 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/configuration.txt b/configuration.txt
index 5f335235..085b27cb 100644
--- a/configuration.txt
+++ b/configuration.txt
@@ -9,6 +9,7 @@ components:
     allowwebchat: true
     webchat-interval: 5
     hidewebchatip: false
+    trustclientname: false
   #- class: org.dynmap.JsonFileClientUpdateComponent
   #  writeinterval: 1
   #  sendhealth: true
diff --git a/src/main/java/org/dynmap/InternalClientUpdateComponent.java b/src/main/java/org/dynmap/InternalClientUpdateComponent.java
index 160cd458..782232a7 100644
--- a/src/main/java/org/dynmap/InternalClientUpdateComponent.java
+++ b/src/main/java/org/dynmap/InternalClientUpdateComponent.java
@@ -12,6 +12,7 @@ public class InternalClientUpdateComponent extends ClientUpdateComponent {
         super(plugin, configuration);
         final Boolean allowwebchat = configuration.getBoolean("allowwebchat", false);
         final Boolean hidewebchatip = configuration.getBoolean("hidewebchatip", false);
+        final Boolean trust_client_name = configuration.getBoolean("trustclientname", false);
         final float webchatInterval = configuration.getFloat("webchat-interval", 1);
         final String spammessage = plugin.configuration.getString("spammessage", "You may only chat once every %interval% seconds.");
 
@@ -30,6 +31,7 @@ public class InternalClientUpdateComponent extends ClientUpdateComponent {
                 maximumMessageInterval = (int)(webchatInterval * 1000);
                 spamMessage = "\""+spammessage+"\"";
                 hideip = hidewebchatip;
+                this.trustclientname = trust_client_name;
                 onMessageReceived.addListener(new Listener<SendMessageHandler.Message>() {
                     @Override
                     public void triggered(Message t) {
diff --git a/src/main/java/org/dynmap/utils/FileLockManager.java b/src/main/java/org/dynmap/utils/FileLockManager.java
index a95b4f80..b4598e18 100644
--- a/src/main/java/org/dynmap/utils/FileLockManager.java
+++ b/src/main/java/org/dynmap/utils/FileLockManager.java
@@ -117,9 +117,8 @@ public class FileLockManager {
         while(!done) {
             try {
                 ImageIO.write(img, type, fname);
-                fname.setLastModified(System.currentTimeMillis());
                 done = true;
-            } catch (FileNotFoundException fnfx) {  /* This seems to be what we get when file is locked by reader */
+            } catch (IOException fnfx) {
                 if(retrycnt < MAX_WRITE_RETRIES) {
                     Log.info("Image file " + fname.getPath() + " - unable to write - retry #" + retrycnt);
                     try { Thread.sleep(50 << retrycnt); } catch (InterruptedException ix) { throw fnfx; }
diff --git a/src/main/java/org/dynmap/web/handlers/SendMessageHandler.java b/src/main/java/org/dynmap/web/handlers/SendMessageHandler.java
index bfb2ca4a..4e915149 100644
--- a/src/main/java/org/dynmap/web/handlers/SendMessageHandler.java
+++ b/src/main/java/org/dynmap/web/handlers/SendMessageHandler.java
@@ -25,6 +25,7 @@ public class SendMessageHandler implements HttpHandler {
     private Charset cs_utf8 = Charset.forName("UTF-8");
     public int maximumMessageInterval = 1000;
     public boolean hideip = false;
+    public boolean trustclientname = false;
     public String spamMessage = "\"You may only chat once every %interval% seconds.\"";
     private HashMap<String, WebUser> disallowedUsers = new HashMap<String, WebUser>();
     private LinkedList<WebUser> disallowedUserQueue = new LinkedList<WebUser>();
@@ -44,14 +45,20 @@ public class SendMessageHandler implements HttpHandler {
 
         JSONObject o = (JSONObject)parser.parse(reader);
         final Message message = new Message();
-        /* If proxied client address, get original */
-        if(request.fields.containsKey("X-Forwarded-For"))
-            message.name = request.fields.get("X-Forwarded-For");
-        /* If from loopback, we're probably getting from proxy - need to trust client */
-        else if(request.rmtaddr.getAddress().isLoopbackAddress())
+        
+        if(trustclientname) {
             message.name = String.valueOf(o.get("name"));
-        else
-            message.name = request.rmtaddr.getAddress().getHostAddress();
+        }
+        else {
+        	/* If proxied client address, get original */
+        	if(request.fields.containsKey("X-Forwarded-For"))
+        		message.name = request.fields.get("X-Forwarded-For");
+        	/* If from loopback, we're probably getting from proxy - need to trust client */
+        	else if(request.rmtaddr.getAddress().isLoopbackAddress())
+        		message.name = String.valueOf(o.get("name"));
+        	else
+        		message.name = request.rmtaddr.getAddress().getHostAddress();
+        }
         if(hideip) {    /* If hiding IP, find or assign alias */
             synchronized(disallowedUsersLock) {
                 String n = useralias.get(message.name);