From a9146ac27ffddbbe47c9772b248a9d4015c8edd4 Mon Sep 17 00:00:00 2001 From: Brettflan Date: Sun, 18 Dec 2011 01:25:42 -0600 Subject: [PATCH] Improved fix for players being able to inject colors into faction descriptions, usable to spoof server messages and such --- src/com/massivecraft/factions/cmd/CmdDescription.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/com/massivecraft/factions/cmd/CmdDescription.java b/src/com/massivecraft/factions/cmd/CmdDescription.java index e4450807..d9637ee8 100644 --- a/src/com/massivecraft/factions/cmd/CmdDescription.java +++ b/src/com/massivecraft/factions/cmd/CmdDescription.java @@ -32,13 +32,13 @@ public class CmdDescription extends FCommand // if economy is enabled, they're not on the bypass list, and this command has a cost set, make 'em pay if ( ! payForCommand(Conf.econCostDesc, "to change faction description", "for changing faction description")) return; - myFaction.setDescription(TextUtil.implode(args, " ")); - + myFaction.setDescription(TextUtil.implode(args, " ").replaceAll("(&([a-f0-9]))", "& $2")); // since "&" color tags seem to work even through plain old FPlayer.sendMessage() for some reason, we need to break those up + // Broadcast the description to everyone for (FPlayer fplayer : FPlayers.i.getOnline()) { fplayer.msg("The faction %s changed their description to:", myFaction.describeTo(fplayer)); - fplayer.msg(""+myFaction.getDescription()); + fplayer.sendMessage(myFaction.getDescription()); // players can inject "&" or "`" or "" or whatever in their description; &k is particularly interesting looking } }