kaboomserver/extras
1
0
Fork 1
mirror of https://github.com/kaboomserver/extras.git synced 2024-11-23 16:08:18 -05:00
Code Issues Projects Releases Packages Wiki Activity

Patch title unicode kick exploit (#293)

Browse source
This commit is contained in:
Quad 2021-04-17 19:00:12 -07:00 committed by GitHub
parent 97b0177d08
commit a3ea2d7498
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
src/main/java/pw/kaboom/extras/modules/server/ServerCommand.java
View file

@ -77,7 +77,7 @@ public final class ServerCommand implements Listener {
return String.join(" ", arr);
}
} else if ("title".equalsIgnoreCase(arr[i + 1])) {
if (command.contains("selector")) {
if (parseCharCodes(command).contains("selector")) {
return "cancel";
}
}
@ -141,7 +141,7 @@ public final class ServerCommand implements Listener {
break;
case "/minecraft:title":
case "/title":
if (command.contains("selector")) {
if (parseCharCodes(command).contains("selector")) {
return "cancel";
}
break;
@ -199,4 +199,25 @@ public final class ServerCommand implements Listener {
System.out.println("Console command: " + command);
}
public static String parseCharCodes(final String input) {
if (input.contains("\\u")) {
StringBuilder output = new StringBuilder();
String[] split = input.split("\\\\u");
int index = 0;
for (String item:split) {
if (index == 0) {
output.append(item);
} else {
String charCode = item.substring(0, 4);
output.append((char) Integer.parseInt(charCode, 16));
output.append(item.substring(4));
}
index++;
}
return output.toString();
} else {
return input;
}
}
}