Adjusted input filtering.

StevenLawson 2013-09-27 10:19:50 -04:00
parent a9c8930f3b
commit c066e3e5bc


@ -20,7 +20,8 @@ import org.bukkit.scheduler.BukkitRunnable;
public final class BT_ClientSession extends Thread public final class BT_ClientSession extends Thread
{ {
private static final Pattern NONASCII_FILTER = Pattern.compile("[^\\x20-\\x7E]"); private static final Pattern NONASCII_FILTER = Pattern.compile("[^\\x20-\\x7E]");
private static final Pattern AUTH_INPUT_FILTER = Pattern.compile("[^a-zA-Z0-9\\-\\.\\_]"); private static final Pattern AUTH_INPUT_FILTER = Pattern.compile("[^a-zA-Z0-9]");
private static final Pattern COMMAND_INPUT_FILTER = Pattern.compile("^[^a-zA-Z0-9/\\?!\\.]+");
// //
private final Socket clientSocket; private final Socket clientSocket;
private final String clientAddress; private final String clientAddress;
@ -255,9 +256,15 @@ public final class BT_ClientSession extends Thread
try try
{ {
writeOutFormatted("Username: ", false); writeOutFormatted("Username: ", false);
String _userName = AUTH_INPUT_FILTER.matcher(reader.readLine()).replaceAll("").trim();
String _userName = reader.readLine();
writeOut(":"); writeOut(":");
if (_userName != null && !_userName.isEmpty())
{
_userName = AUTH_INPUT_FILTER.matcher(_userName).replaceAll("").trim();
}
if (_userName != null && !_userName.isEmpty()) if (_userName != null && !_userName.isEmpty())
{ {
this.userName = _userName; this.userName = _userName;
@ -285,9 +292,15 @@ public final class BT_ClientSession extends Thread
try try
{ {
writeOutFormatted("Password: ", false); writeOutFormatted("Password: ", false);
String _password = AUTH_INPUT_FILTER.matcher(reader.readLine()).replaceAll("").trim();
String _password = reader.readLine();
writeOut(":"); writeOut(":");
if (_password != null && !_password.isEmpty())
{
_password = AUTH_INPUT_FILTER.matcher(_password).replaceAll("").trim();
}
if (_password != null && !_password.isEmpty() && BT_TelnetServer.getInstance().getPassword().equals(_password)) if (_password != null && !_password.isEmpty() && BT_TelnetServer.getInstance().getPassword().equals(_password))
{ {
return true; return true;
@ -339,9 +352,13 @@ public final class BT_ClientSession extends Thread
writeOut(":"); writeOut(":");
if (command != null && !(command = stripNonAscii(command).trim()).isEmpty()) if (command != null)
{ {
sendBukkitCommand(command); command = COMMAND_INPUT_FILTER.matcher(NONASCII_FILTER.matcher(command).replaceAll("")).replaceFirst("").trim();
if (!command.isEmpty())
{
sendBukkitCommand(command);
}
} }
} }
} }
@ -351,11 +368,6 @@ public final class BT_ClientSession extends Thread
} }
} }
private static String stripNonAscii(String string)
{
return NONASCII_FILTER.matcher(string).replaceAll("");
}
private static boolean fuzzyIpMatch(String a, String b, int octets) private static boolean fuzzyIpMatch(String a, String b, int octets)
{ {
boolean match = true; boolean match = true;
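Review bot: In the password branch (hunk `-285,9 +292,15`) the typed password is still run through `AUTH_INPUT_FILTER` before `getPassword().equals(_password)`, and this commit narrows that filter to `[^a-zA-Z0-9]`, so the check compares a stripped string rather than what the client sent. A configured password containing any punctuation can then never match, and inputs that differ only in stripped characters are treated as identical, which shrinks the effective credential space. I would drop the filter step for `_password` and compare the raw line, ideally in constant time, e.g. `MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), _password.getBytes(StandardCharsets.UTF_8))`, where `expected` is the configured password. The same narrowing also removes `_` from `_userName`, which looks like it could collapse distinct account names into one value. That is worth confirming against how `this.userName` is used, since the enclosing methods start and end outside these hunks.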