Fix signs for names > 14 char length.

This can be exploited by creating a user with the same first 14 characters. git-svn-id: https://svn.java.net/svn/essentials~svn/trunk@1253 e251c2fe-e539-e718-e476-b85c1f46cddb
2024-07-02 18:53:43 +00:00 · 2011-04-21 14:08:01 +00:00 · 2011-04-21 14:08:01 +00:00 · d11b13d986
parent f53ab01e3e
commit d11b13d986
3 changed files with 12 additions and 7 deletions
--- a/Essentials/src/com/earth2me/essentials/EssentialsBlockListener.java
+++ b/Essentials/src/com/earth2me/essentials/EssentialsBlockListener.java
@ -60,6 +60,7 @@ public class EssentialsBlockListener extends BlockListener
 		if (event.isCancelled()) return;
 		if (Essentials.getSettings().areSignsDisabled()) return;
 		User user = User.get(event.getPlayer());
+		String username = user.getName().substring(0, user.getName().length() > 14 ? 14 : user.getName().length());

 		try
 		{
@ -70,7 +71,7 @@ public class EssentialsBlockListener extends BlockListener
 					event.setLine(0, "§1[Protection]");
 				else
 					event.setLine(0, "§4[Protection]");
-				event.setLine(3, user.getName().substring(0, 14));
+				event.setLine(3, username);
 				return;
 			}
 			if (event.getLine(0).equalsIgnoreCase("[Disposal]"))
@ -237,6 +238,7 @@ public class EssentialsBlockListener extends BlockListener

 	private int checkProtectionSign(Block block, User user)
 	{
+		String username = user.getName().substring(0, user.getName().length() > 14 ? 14 : user.getName().length());
 		if (block.getType() == Material.SIGN_POST || block.getType() == Material.WALL_SIGN)
 		{
 			Sign sign = new CraftSign(block);
@ -249,11 +251,11 @@ public class EssentialsBlockListener extends BlockListener
 						if (user.inGroup(line)) {
 							return ALLOWED;
 						}
-					} else if (line.equalsIgnoreCase(user.getName().substring(0, 14))) {
+					} else if (line.equalsIgnoreCase(username)) {
 						return ALLOWED;
 					}
 				}
-				if (sign.getLine(3).equalsIgnoreCase(user.getName().substring(0, 14)))
+				if (sign.getLine(3).equalsIgnoreCase(username))
 				{
 					return OWNER;
 				}
--- a/Essentials/src/com/earth2me/essentials/EssentialsEcoBlockListener.java
+++ b/Essentials/src/com/earth2me/essentials/EssentialsEcoBlockListener.java
@ -17,13 +17,14 @@ public class EssentialsEcoBlockListener extends BlockListener
 		if (event.isCancelled()) return;
 		if (Essentials.getSettings().areSignsDisabled()) return;
 		User user = User.get(event.getPlayer());
+		String username = user.getName().substring(0, user.getName().length() > 14 ? 14 : user.getName().length());
 		if (event.getBlock().getType() != Material.WALL_SIGN && event.getBlock().getType() != Material.SIGN_POST)
 			return;
 		Sign sign = new CraftSign(event.getBlock());

 		if (sign.getLine(0).equals("§1[Trade]"))
 		{
-			if (!sign.getLine(3).substring(2).equals(user.getName().substring(0, 14))) {
+			if (!sign.getLine(3).substring(2).equals(username)) {
 				if (!user.isOp()) {
 					event.setCancelled(true);
 				}
@ -70,6 +71,7 @@ public class EssentialsEcoBlockListener extends BlockListener
 	{
 		if (Essentials.getSettings().areSignsDisabled()) return;
 		User user = User.get(event.getPlayer());
+		String username = user.getName().substring(0, user.getName().length() > 14 ? 14 : user.getName().length());

 		if (event.getLine(0).equalsIgnoreCase("[Buy]") && user.isAuthorized("essentials.signs.buy.create"))
 		{
@ -149,7 +151,7 @@ public class EssentialsEcoBlockListener extends BlockListener
 				event.setLine(0, "§1[Trade]");
 				event.setLine(1, (m1 ? "$" + q1 : q1 + " " + l1[1]) + ":0");
 				event.setLine(2, (m2 ? "$" + q2 : q2 + " " + l2[1]) + ":" + r2);
-				event.setLine(3, "§8" + user.getName().substring(0, 14));
+				event.setLine(3, "§8" + username);
 			}
 			catch (Throwable ex)
 			{
@ -157,7 +159,7 @@ public class EssentialsEcoBlockListener extends BlockListener
 				event.setLine(0, "§4[Trade]");
 				event.setLine(1, "# ItemOr$");
 				event.setLine(2, "# ItemOr$:#");
-				event.setLine(3, "§8" + user.getName().substring(0, 14));
+				event.setLine(3, "§8" + username);
 			}
 			return;
 		}
--- a/Essentials/src/com/earth2me/essentials/EssentialsEcoPlayerListener.java
+++ b/Essentials/src/com/earth2me/essentials/EssentialsEcoPlayerListener.java
@ -20,6 +20,7 @@ public class EssentialsEcoPlayerListener extends PlayerListener
 		if (Essentials.getSettings().areSignsDisabled()) return;
 		if (event.getAction() != Action.RIGHT_CLICK_BLOCK) return;
 		User user = User.get(event.getPlayer());
+		String username = user.getName().substring(0, user.getName().length() > 14 ? 14 : user.getName().length());
 		if (event.getClickedBlock().getType() != Material.WALL_SIGN && event.getClickedBlock().getType() != Material.SIGN_POST)
 			return;
 		Sign sign = new CraftSign(event.getClickedBlock());
@ -85,7 +86,7 @@ public class EssentialsEcoPlayerListener extends PlayerListener
 				ItemStack qi1 = m1 ? null : ItemDb.get(l1[1], q1);
 				ItemStack qi2 = m2 ? null : ItemDb.get(l2[1], q2);

-				if (user.getName().substring(0, 14).equals(sign.getLines()[3].substring(2)))
+				if (username.equals(sign.getLines()[3].substring(2)))
 				{
 					if (m1)
 					{