JaTiTV/T2C-CommandGUI
JaTiTV
/
T2C-CommandGUI
1
0
Fork 0
Code Issues 5 Pull Requests Projects 1 Releases 35 Activity

2.8.8 

This update fixes a security vulnerability where players with modified clients could intercept all commands.
This bug affects the proxy (Bungee, Waterfall etc.)!
This commit is contained in:
JaTiTV 2022-07-19 18:25:48 +02:00
parent abe9cfbe76
commit fa1af88777
3 changed files with 4 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CommandGUI V2/pom.xml
View File

@ -6,7 +6,7 @@
<groupId>net.t2code</groupId>
<artifactId>CommandGUI_V2</artifactId>
<version>2.8.7</version>
<version>2.8.8</version>
<packaging>jar</packaging>
<name>CommandGUI</name>

19
CommandGUI V2/src/main/java/de/jatitv/commandguiv2/Bungee/BListener.java
View File

@ -16,18 +16,18 @@ public class BListener implements Listener {
@EventHandler
public void onPluginmessage(PluginMessageEvent event) {
if (event.getTag().equalsIgnoreCase("cgui:bungee")) {
event.setCancelled(true);
DataInputStream stream = new DataInputStream(new ByteArrayInputStream(event.getData()));
try {
String channel = stream.readUTF();
String input = stream.readUTF();
if (channel.equals("cgui-Console")) {
ProxyServer.getInstance().getConsole().sendMessage("Command Console: "+ input);
ProxyServer.getInstance().getConsole().sendMessage("Command Console: " + input);
ProxyServer.getInstance().getPluginManager().dispatchCommand(ProxyServer.getInstance().getConsole(), input);
} else {
ProxiedPlayer player = ProxyServer.getInstance().getPlayer(channel);
if (player != null) {
ProxyServer.getInstance().getConsole().sendMessage("Command " + player +": "+ input);
ProxyServer.getInstance().getConsole().sendMessage("Command " + player + ": " + input);
ProxyServer.getInstance().getPluginManager().dispatchCommand(player, input);
}
}
@ -41,25 +41,12 @@ public class BListener implements Listener {
public void onJoin(PostLoginEvent e) {
ProxiedPlayer player = e.getPlayer();
sendToSpigotPlayer(player.getName(), true);
/*
if (BMySQL.Enable) {
BMySQL.query("INSERT INTO `gui-bungeeplayer` (`UUID`, `Name`, `Online`) VALUES ('" + player.getUniqueId() + "', '" + player.getName()
+ "', 'true') ON DUPLICATE KEY UPDATE `Name` = '" + player.getName() + "', `Online` = 'true';");
}
*/
}
@EventHandler
public void onDisconnect(PlayerDisconnectEvent e) {
ProxiedPlayer player = e.getPlayer();
sendToSpigotPlayer(e.getPlayer().getName(), false);
/*
if (BMySQL.Enable) {
BMySQL.query("INSERT INTO `gui-bungeeplayer` (`UUID`, `Name`, `Online`) VALUES ('" + player.getUniqueId() + "', '" + player.getName()
+ "', 'true') ON DUPLICATE KEY UPDATE `Name` = '" + player.getName() + "', `Online` = 'false';");
}
*/
}
public static void sendToSpigotPlayer(String name, Boolean join) {

1
CommandGUI V2/src/main/java/de/jatitv/commandguiv2/Spigot/gui/GUIListener.java
View File

@ -42,7 +42,6 @@ public class GUIListener implements Listener {
@EventHandler
public void onInventoryClick(InventoryClickEvent e) {
Player player = (Player) e.getWhoClicked();
JavaPlugin plugin = Main.getPlugin();
if (e.getInventory() == null) return;
if (e.getCurrentItem() == null) return;
for (Gui gui : Main.guiHashMap.values()) {