Fixed disguise options permissions being bypassable in some instances, including capitalization
This commit is contained in:
parent
db29352948
commit
e70c690751
@ -537,8 +537,9 @@ public class DisguiseListener implements Listener {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
DisguiseParser.callMethods(p, disguise, perms, disguisePerm, new ArrayList<>(Arrays.asList(options)),
|
DisguiseParser
|
||||||
options);
|
.callMethods(p, disguise, perms, disguisePerm, new ArrayList<>(Arrays.asList(options)), options,
|
||||||
|
"DisguiseModifyEntity");
|
||||||
p.sendMessage(LibsMsg.LISTENER_MODIFIED_DISG.get());
|
p.sendMessage(LibsMsg.LISTENER_MODIFIED_DISG.get());
|
||||||
}
|
}
|
||||||
catch (DisguiseParseException ex) {
|
catch (DisguiseParseException ex) {
|
||||||
|
@ -58,7 +58,8 @@ public class DisguiseModifyCommand extends DisguiseBaseCommand implements TabCom
|
|||||||
options = DisguiseParser.parsePlaceholders(options, sender, sender);
|
options = DisguiseParser.parsePlaceholders(options, sender, sender);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
DisguiseParser.callMethods(sender, disguise, permissions, disguisePerm, new ArrayList<>(), options);
|
DisguiseParser.callMethods(sender, disguise, permissions, disguisePerm, new ArrayList<>(), options,
|
||||||
|
"DisguiseModify");
|
||||||
}
|
}
|
||||||
catch (DisguiseParseException ex) {
|
catch (DisguiseParseException ex) {
|
||||||
if (ex.getMessage() != null) {
|
if (ex.getMessage() != null) {
|
||||||
|
@ -87,7 +87,8 @@ public class DisguiseModifyPlayerCommand extends DisguiseBaseCommand implements
|
|||||||
options = DisguiseParser.parsePlaceholders(options, sender, entityTarget);
|
options = DisguiseParser.parsePlaceholders(options, sender, entityTarget);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
DisguiseParser.callMethods(sender, disguise, permissions, disguisePerm, new ArrayList<>(), options);
|
DisguiseParser.callMethods(sender, disguise, permissions, disguisePerm, new ArrayList<>(), options,
|
||||||
|
"DisguiseModifyPlayer");
|
||||||
}
|
}
|
||||||
catch (DisguiseParseException ex) {
|
catch (DisguiseParseException ex) {
|
||||||
if (ex.getMessage() != null) {
|
if (ex.getMessage() != null) {
|
||||||
|
@ -154,7 +154,8 @@ public class DisguiseModifyRadiusCommand extends DisguiseBaseCommand implements
|
|||||||
tempArgs = DisguiseParser.parsePlaceholders(tempArgs, sender, entity);
|
tempArgs = DisguiseParser.parsePlaceholders(tempArgs, sender, entity);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
DisguiseParser.callMethods(sender, disguise, permissions, disguisePerm, new ArrayList<>(), tempArgs);
|
DisguiseParser.callMethods(sender, disguise, permissions, disguisePerm, new ArrayList<>(), tempArgs,
|
||||||
|
"DisguiseModifyRadius");
|
||||||
modifiedDisguises++;
|
modifiedDisguises++;
|
||||||
}
|
}
|
||||||
catch (DisguiseParseException ex) {
|
catch (DisguiseParseException ex) {
|
||||||
|
@ -335,6 +335,7 @@ public class DisguiseParser {
|
|||||||
* Returns if command user can access the disguise creation permission type
|
* Returns if command user can access the disguise creation permission type
|
||||||
*/
|
*/
|
||||||
private static boolean hasPermissionOption(HashMap<String, Boolean> disguiseOptions, String string) {
|
private static boolean hasPermissionOption(HashMap<String, Boolean> disguiseOptions, String string) {
|
||||||
|
string = string.toLowerCase();
|
||||||
// If no permissions were defined, return true
|
// If no permissions were defined, return true
|
||||||
if (disguiseOptions.isEmpty()) {
|
if (disguiseOptions.isEmpty()) {
|
||||||
return true;
|
return true;
|
||||||
@ -712,18 +713,19 @@ public class DisguiseParser {
|
|||||||
String[] newArgs = new String[args.length - toSkip];
|
String[] newArgs = new String[args.length - toSkip];
|
||||||
System.arraycopy(args, toSkip, newArgs, 0, args.length - toSkip);
|
System.arraycopy(args, toSkip, newArgs, 0, args.length - toSkip);
|
||||||
|
|
||||||
callMethods(sender, disguise, permissions, disguisePerm, usedOptions, newArgs);
|
callMethods(sender, disguise, permissions, disguisePerm, usedOptions, newArgs, permNode);
|
||||||
|
|
||||||
// Alright. We've constructed our disguise.
|
// Alright. We've constructed our disguise.
|
||||||
return disguise;
|
return disguise;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void callMethods(CommandSender sender, Disguise disguise, DisguisePermissions disguisePermission,
|
public static void callMethods(CommandSender sender, Disguise disguise, DisguisePermissions disguisePermission,
|
||||||
DisguisePerm disguisePerm, Collection<String> usedOptions,
|
DisguisePerm disguisePerm, Collection<String> usedOptions, String[] args,
|
||||||
String[] args) throws IllegalAccessException, IllegalArgumentException, InvocationTargetException,
|
String permNode) throws IllegalAccessException, IllegalArgumentException, InvocationTargetException,
|
||||||
DisguiseParseException {
|
DisguiseParseException {
|
||||||
Method[] methods = ParamInfoManager.getDisguiseWatcherMethods(disguise.getWatcher().getClass());
|
Method[] methods = ParamInfoManager.getDisguiseWatcherMethods(disguise.getWatcher().getClass());
|
||||||
List<String> list = new ArrayList<>(Arrays.asList(args));
|
List<String> list = new ArrayList<>(Arrays.asList(args));
|
||||||
|
HashMap<String, Boolean> disguiseOptions = null;
|
||||||
|
|
||||||
for (int argIndex = 0; argIndex < args.length; argIndex++) {
|
for (int argIndex = 0; argIndex < args.length; argIndex++) {
|
||||||
// This is the method name they provided
|
// This is the method name they provided
|
||||||
@ -788,6 +790,22 @@ public class DisguiseParser {
|
|||||||
usedOptions.add(methodToUse.getName().toLowerCase());
|
usedOptions.add(methodToUse.getName().toLowerCase());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (methodToUse.getName().equalsIgnoreCase("setpainting") ||
|
||||||
|
methodToUse.getName().equalsIgnoreCase("setpotionid") ||
|
||||||
|
methodToUse.getName().equalsIgnoreCase("setitemstack") ||
|
||||||
|
methodToUse.getName().equalsIgnoreCase("setblock")) {
|
||||||
|
if (disguiseOptions == null) {
|
||||||
|
disguiseOptions = getDisguiseOptions(sender, permNode, disguisePerm);
|
||||||
|
}
|
||||||
|
|
||||||
|
String stringValue = ParamInfoManager.toString(valueToSet);
|
||||||
|
|
||||||
|
if (!hasPermissionOption(disguiseOptions, valueToSet + "")) {
|
||||||
|
throw new DisguiseParseException(LibsMsg.PARSE_NO_PERM_PARAM, stringValue,
|
||||||
|
disguisePerm.toReadable());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
doCheck(sender, disguisePermission, disguisePerm, usedOptions);
|
doCheck(sender, disguisePermission, disguisePerm, usedOptions);
|
||||||
|
|
||||||
if (FlagWatcher.class.isAssignableFrom(methodToUse.getDeclaringClass())) {
|
if (FlagWatcher.class.isAssignableFrom(methodToUse.getDeclaringClass())) {
|
||||||
|
Loading…
Reference in New Issue
Block a user