TotalFreedomMC/OpenInv
1
0
Fork 0
mirror of https://github.com/TotalFreedomMC/OpenInv.git synced 2024-12-22 16:05:03 +00:00
Code Issues Projects Releases Wiki Activity

Fix security hole.

Browse source
This commit is contained in:
lishd 2011-09-23 18:19:23 -04:00
parent 616ea0fad8
commit 24f1081f5a
4 changed files with 80 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/lishid/openinv/OpenInv.java
View file

@ -48,10 +48,10 @@ public class OpenInv extends JavaPlugin {
config = this.getConfiguration();
PluginManager pm = getServer().getPluginManager();
pm.registerEvent(Event.Type.PLAYER_JOIN, playerListener, Event.Priority.Normal, this);
pm.registerEvent(Event.Type.PLAYER_JOIN, playerListener, Event.Priority.Highest, this);
//pm.registerEvent(Event.Type.PLAYER_RESPAWN, playerListener, Event.Priority.Normal, this);
pm.registerEvent(Event.Type.PLAYER_INTERACT, playerListener, Event.Priority.Normal, this);
pm.registerEvent(Event.Type.ENTITY_DAMAGE, entityListener, Event.Priority.Normal, this);
pm.registerEvent(Event.Type.PLAYER_INTERACT, playerListener, Event.Priority.Highest, this);
pm.registerEvent(Event.Type.ENTITY_DAMAGE, entityListener, Event.Priority.Lowest, this);
//pm.registerEvent(Event.Type.INVENTORY_CLOSE, inventoryListener, Event.Priority.Normal, this);
setupPermissions();

10
src/lishid/openinv/OpenInvInventoryListener.java
View file

@ -1,10 +0,0 @@
package lishid.openinv;
import org.bukkit.event.inventory.InventoryListener;
public class OpenInvInventoryListener extends InventoryListener{
OpenInv plugin;
public OpenInvInventoryListener(OpenInv scrap) {
plugin = scrap;
}
}

81
src/lishid/openinv/OpenInvPlayerListener.java
View file

@ -1,8 +1,15 @@
package lishid.openinv;
import net.minecraft.server.Block;
import net.minecraft.server.EntityPlayer;
import net.minecraft.server.IInventory;
import net.minecraft.server.InventoryLargeChest;
import net.minecraft.server.TileEntityChest;
import net.minecraft.server.World;
import org.bukkit.ChatColor;
import org.bukkit.Material;
import org.bukkit.block.Chest;
import org.bukkit.block.Sign;
import org.bukkit.craftbukkit.entity.CraftPlayer;
import org.bukkit.entity.Player;
@ -33,15 +40,79 @@ public class OpenInvPlayerListener extends PlayerListener{
@Override
public void onPlayerInteract(PlayerInteractEvent event)
{
if(event.getAction() == Action.RIGHT_CLICK_AIR || event.getAction() == Action.RIGHT_CLICK_BLOCK)
if(event.isCancelled())
return;
if(event.getAction() == Action.RIGHT_CLICK_BLOCK &&
event.getClickedBlock().getState() instanceof Chest &&
PermissionRelay.hasPermission(event.getPlayer(), "OpenInv.anychest"))
{
if(event.getClickedBlock() == Block.CHEST ||
event.getClickedBlock() == Block.FURNACE ||
event.getClickedBlock() == Block.DISPENSER)
EntityPlayer player = ((CraftPlayer)event.getPlayer()).getHandle();
World world = player.world;
int x = event.getClickedBlock().getX();
int y = event.getClickedBlock().getY();
int z = event.getClickedBlock().getZ();
try
{
boolean override = false;
//If block on top
if(world.e(x, y + 1, z))
override = true;
//If block next to chest is chest and has a block on top
if ((world.getTypeId(x - 1, y, z) == Block.CHEST.id) && (world.e(x - 1, y + 1, z)))
override = true;
if ((world.getTypeId(x + 1, y, z) == Block.CHEST.id) && (world.e(x + 1, y + 1, z)))
override = true;
if ((world.getTypeId(x, y, z - 1) == Block.CHEST.id) && (world.e(x, y + 1, z - 1)))
override = true;
if ((world.getTypeId(x, y, z + 1) == Block.CHEST.id) && (world.e(x, y + 1, z + 1)))
override = true;
//If the chest is blocked
if(override)
{
//Create chest
Object inventory = (TileEntityChest)player.world.getTileEntity(x, y, z);
//Link chest
if (world.getTypeId(x - 1, y, z) == Block.CHEST.id) inventory = new InventoryLargeChest("Large chest", (TileEntityChest)world.getTileEntity(x - 1, y, z), (IInventory)inventory);
if (world.getTypeId(x + 1, y, z) == Block.CHEST.id) inventory = new InventoryLargeChest("Large chest", (IInventory)inventory, (TileEntityChest)world.getTileEntity(x + 1, y, z));
if (world.getTypeId(x, y, z - 1) == Block.CHEST.id) inventory = new InventoryLargeChest("Large chest", (TileEntityChest)world.getTileEntity(x, y, z - 1), (IInventory)inventory);
if (world.getTypeId(x, y, z + 1) == Block.CHEST.id) inventory = new InventoryLargeChest("Large chest", (IInventory)inventory, (TileEntityChest)world.getTileEntity(x, y, z + 1));
//Open chest
player.a((IInventory)inventory);
//Send a notification
event.getPlayer().sendMessage("You are opening a blocked chest.");
//Cancel chest open event
event.setCancelled(true);
}
/*
Chest chest = (Chest)event.getClickedBlock().getState();
player.a(((CraftInventory)chest.getInventory()).getInventory());*/
return;
}
catch(Exception e) //Incompatible CraftBukkit?
{
e.printStackTrace();
event.getPlayer().sendMessage(ChatColor.RED + "Error while executing openinv. Unsupported CraftBukkit.");
}
}
if(event.getAction() == Action.RIGHT_CLICK_BLOCK &&
(event.getClickedBlock() == Block.CHEST ||
event.getClickedBlock() == Block.FURNACE ||
event.getClickedBlock() == Block.DISPENSER))
{
return;
}
if(event.getAction() == Action.RIGHT_CLICK_AIR || event.getAction() == Action.RIGHT_CLICK_BLOCK)
{
Player player = event.getPlayer();
if(!(player.getItemInHand().getType() == Material.STICK)

2
src/plugin.yml
View file

@ -1,6 +1,6 @@
name: OpenInv
main: lishid.openinv.OpenInv
version: 1.4.3
version: 1.4.6
author: lishid
description: >
This plugin allows you to open another player's inventory as a chest