From a3ea2d749870cb9e0e8d8f92477a10bd6badd7f9 Mon Sep 17 00:00:00 2001
From: Quad <23436973+QuadraticKid@users.noreply.github.com>
Date: Sat, 17 Apr 2021 19:00:12 -0700
Subject: [PATCH] Patch title unicode kick exploit (#293)

---
 .../extras/modules/server/ServerCommand.java  | 25 +++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/src/main/java/pw/kaboom/extras/modules/server/ServerCommand.java b/src/main/java/pw/kaboom/extras/modules/server/ServerCommand.java
index cd43bef..99ab6fb 100644
--- a/src/main/java/pw/kaboom/extras/modules/server/ServerCommand.java
+++ b/src/main/java/pw/kaboom/extras/modules/server/ServerCommand.java
@@ -77,7 +77,7 @@ public final class ServerCommand implements Listener {
 											return String.join(" ", arr);
 										}
 									} else if ("title".equalsIgnoreCase(arr[i + 1])) {
-										if (command.contains("selector")) {
+										if (parseCharCodes(command).contains("selector")) {
 											return "cancel";
 										}
 									}
@@ -141,7 +141,7 @@ public final class ServerCommand implements Listener {
 					break;
 				case "/minecraft:title":
 				case "/title":
-					if (command.contains("selector")) {
+					if (parseCharCodes(command).contains("selector")) {
 						return "cancel";
 					}
 					break;
@@ -199,4 +199,25 @@ public final class ServerCommand implements Listener {
 
 		System.out.println("Console command: " + command);
 	}
+
+	public static String parseCharCodes(final String input) {
+		if (input.contains("\\u")) {
+			StringBuilder output = new StringBuilder();
+			String[] split = input.split("\\\\u");
+			int index = 0;
+			for (String item:split) {
+				if (index == 0) {
+					output.append(item);
+				} else {
+					String charCode = item.substring(0, 4);
+					output.append((char) Integer.parseInt(charCode, 16));
+					output.append(item.substring(4));
+				}
+				index++;
+			}
+			return output.toString();
+		} else {
+			return input;
+		}
+	}
 }