From 24f1081f5a6cc5b19c6b39aef0c439f15c6d9a1b Mon Sep 17 00:00:00 2001
From: lishd
Date: Fri, 23 Sep 2011 18:19:23 -0400
Subject: [PATCH] Fix security hole.
---
 src/lishid/openinv/OpenInv.java | 6 +-
 .../openinv/OpenInvInventoryListener.java | 10 ---
 src/lishid/openinv/OpenInvPlayerListener.java | 81 +++++++++++++++++--
 src/plugin.yml | 2 +-
 4 files changed, 80 insertions(+), 19 deletions(-)
 delete mode 100644 src/lishid/openinv/OpenInvInventoryListener.java
diff --git a/src/lishid/openinv/OpenInv.java b/src/lishid/openinv/OpenInv.java
index 9c5cc92..ee69660 100644
--- a/src/lishid/openinv/OpenInv.java
+++ b/src/lishid/openinv/OpenInv.java
@@ -48,10 +48,10 @@ public class OpenInv extends JavaPlugin {
 config = this.getConfiguration();
 PluginManager pm = getServer().getPluginManager();
- pm.registerEvent(Event.Type.PLAYER_JOIN, playerListener, Event.Priority.Normal, this);
+ pm.registerEvent(Event.Type.PLAYER_JOIN, playerListener, Event.Priority.Highest, this);
 //pm.registerEvent(Event.Type.PLAYER_RESPAWN, playerListener, Event.Priority.Normal, this);
- pm.registerEvent(Event.Type.PLAYER_INTERACT, playerListener, Event.Priority.Normal, this);
- pm.registerEvent(Event.Type.ENTITY_DAMAGE, entityListener, Event.Priority.Normal, this);
+ pm.registerEvent(Event.Type.PLAYER_INTERACT, playerListener, Event.Priority.Highest, this);
+ pm.registerEvent(Event.Type.ENTITY_DAMAGE, entityListener, Event.Priority.Lowest, this);
 //pm.registerEvent(Event.Type.INVENTORY_CLOSE, inventoryListener, Event.Priority.Normal, this);
 setupPermissions();
diff --git a/src/lishid/openinv/OpenInvInventoryListener.java b/src/lishid/openinv/OpenInvInventoryListener.java
deleted file mode 100644
index 3bd6548..0000000
--- a/src/lishid/openinv/OpenInvInventoryListener.java
+++ /dev/null
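Review bot: The three `registerEvent` lines change listener priority without a comment saying why, although the ordering looks like part of the security fix: PLAYER_INTERACT at `Event.Priority.Highest` presumably exists so that the `event.isCancelled()` check added in OpenInvPlayerListener runs after protection plugins have had their say. I would add `// Highest: run after other plugins so their cancellation is seen before a chest is opened` above the PLAYER_INTERACT registration, so that a later change back to Normal is recognised as reopening the bypass. ENTITY_DAMAGE moving to `Lowest` runs that listener first, which lets any later plugin override its decision; the entity listener is not shown here, so confirm that is intended. The enclosing method starts and ends outside the hunk.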
@@ -1,10 +0,0 @@
-package lishid.openinv;
-
-import org.bukkit.event.inventory.InventoryListener;
-
-public class OpenInvInventoryListener extends InventoryListener{
- OpenInv plugin;
- public OpenInvInventoryListener(OpenInv scrap) {
- plugin = scrap;
- }
-}
diff --git a/src/lishid/openinv/OpenInvPlayerListener.java b/src/lishid/openinv/OpenInvPlayerListener.java
index e421af0..43e6b70 100644
--- a/src/lishid/openinv/OpenInvPlayerListener.java
+++ b/src/lishid/openinv/OpenInvPlayerListener.java
@@ -1,8 +1,15 @@
 package lishid.openinv;
 import net.minecraft.server.Block;
+import net.minecraft.server.EntityPlayer;
+import net.minecraft.server.IInventory;
+import net.minecraft.server.InventoryLargeChest;
+import net.minecraft.server.TileEntityChest;
+import net.minecraft.server.World;
+import org.bukkit.ChatColor;
 import org.bukkit.Material;
+import org.bukkit.block.Chest;
 import org.bukkit.block.Sign;
 import org.bukkit.craftbukkit.entity.CraftPlayer;
 import org.bukkit.entity.Player;
@@ -33,15 +40,79 @@ public class OpenInvPlayerListener extends PlayerListener{
 @Override
 public void onPlayerInteract(PlayerInteractEvent event)
 {
- if(event.getAction() == Action.RIGHT_CLICK_AIR || event.getAction() == Action.RIGHT_CLICK_BLOCK)
+ if(event.isCancelled())
+ return;
+
+ if(event.getAction() == Action.RIGHT_CLICK_BLOCK &&
+ event.getClickedBlock().getState() instanceof Chest &&
+ PermissionRelay.hasPermission(event.getPlayer(), "OpenInv.anychest"))
 {
- if(event.getClickedBlock() == Block.CHEST ||
- event.getClickedBlock() == Block.FURNACE ||
- event.getClickedBlock() == Block.DISPENSER)
+ EntityPlayer player = ((CraftPlayer)event.getPlayer()).getHandle();
+ World world = player.world;
+ int x = event.getClickedBlock().getX();
+ int y = event.getClickedBlock().getY();
+ int z = event.getClickedBlock().getZ();
+ try
 {
+ boolean override = false;
+
+ //If block on top
+ if(world.e(x, y + 1, z))
+ override = true;
+
+ //If block next to chest is chest and has a block on top
+ if ((world.getTypeId(x - 1, y, z) == Block.CHEST.id) && (world.e(x - 1, y + 1, z)))
+ override = true;
+ if ((world.getTypeId(x + 1, y, z) == Block.CHEST.id) && (world.e(x + 1, y + 1, z)))
+ override = true;
+ if ((world.getTypeId(x, y, z - 1) == Block.CHEST.id) && (world.e(x, y + 1, z - 1)))
+ override = true;
+ if ((world.getTypeId(x, y, z + 1) == Block.CHEST.id) && (world.e(x, y + 1, z + 1)))
+ override = true;
+
+ //If the chest is blocked
+ if(override)
+ {
+ //Create chest
+ Object inventory = (TileEntityChest)player.world.getTileEntity(x, y, z);
+
+ //Link chest
+ if (world.getTypeId(x - 1, y, z) == Block.CHEST.id) inventory = new InventoryLargeChest("Large chest", (TileEntityChest)world.getTileEntity(x - 1, y, z), (IInventory)inventory);
+ if (world.getTypeId(x + 1, y, z) == Block.CHEST.id) inventory = new InventoryLargeChest("Large chest", (IInventory)inventory, (TileEntityChest)world.getTileEntity(x + 1, y, z));
+ if (world.getTypeId(x, y, z - 1) == Block.CHEST.id) inventory = new InventoryLargeChest("Large chest", (TileEntityChest)world.getTileEntity(x, y, z - 1), (IInventory)inventory);
+ if (world.getTypeId(x, y, z + 1) == Block.CHEST.id) inventory = new InventoryLargeChest("Large chest", (IInventory)inventory, (TileEntityChest)world.getTileEntity(x, y, z + 1));
+
+ //Open chest
+ player.a((IInventory)inventory);
+
+ //Send a notification
+ event.getPlayer().sendMessage("You are opening a blocked chest.");
+
+ //Cancel chest open event
+ event.setCancelled(true);
+ }
+ /*
+ Chest chest = (Chest)event.getClickedBlock().getState();
+ player.a(((CraftInventory)chest.getInventory()).getInventory());*/
 return;
 }
-
+ catch(Exception e) //Incompatible CraftBukkit?
+ {
+ e.printStackTrace();
+ event.getPlayer().sendMessage(ChatColor.RED + "Error while executing openinv. Unsupported CraftBukkit.");
+ }
+ }
+
+ if(event.getAction() == Action.RIGHT_CLICK_BLOCK &&
+ (event.getClickedBlock() == Block.CHEST ||
+ event.getClickedBlock() == Block.FURNACE ||
+ event.getClickedBlock() == Block.DISPENSER))
+ {
+ return;
+ }
+
+ if(event.getAction() == Action.RIGHT_CLICK_AIR || event.getAction() == Action.RIGHT_CLICK_BLOCK)
+ {
 Player player = event.getPlayer();
 if(!(player.getItemInHand().getType() == Material.STICK)
diff --git a/src/plugin.yml b/src/plugin.yml
index 862bbbf..9b1a92e 100644
--- a/src/plugin.yml
+++ b/src/plugin.yml
@@ -1,6 +1,6 @@
 name: OpenInv
 main: lishid.openinv.OpenInv
-version: 1.4.3
+version: 1.4.6
 author: lishid
 description: >
 This plugin allows you to open another player's inventory as a chest
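Review bot: The re-added container guard near the end of the onPlayerInteract hunk, `event.getClickedBlock() == Block.CHEST || …`, can never be true: `Block` in this file is `net.minecraft.server.Block` (per the import), while `getClickedBlock()` returns a Bukkit block, so the reference comparison always fails and the `return` is dead code. Comparing the material instead, e.g. `event.getClickedBlock().getType() == Material.CHEST` and likewise for FURNACE and DISPENSER, would make the guard take effect. In the anychest branch the inventory is opened with `player.a(...)` and the event is then cancelled, so listeners running after this one presumably see only a cancelled interaction; if override opens should be auditable, log them here. After `catch(Exception e)` execution falls through into the stick handling below rather than returning, and onPlayerInteract continues past the end of the hunk.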