From f53ab01e3ed4c6a924914a2b59c38745a05acb53 Mon Sep 17 00:00:00 2001 From: snowleo Date: Thu, 21 Apr 2011 11:59:22 +0000 Subject: [PATCH] Fix signs for names > 14 char length. This can be exploited by creating a user with the same first 14 characters. git-svn-id: https://svn.java.net/svn/essentials~svn/trunk@1252 e251c2fe-e539-e718-e476-b85c1f46cddb --- .../com/earth2me/essentials/EssentialsBlockListener.java | 6 +++--- .../com/earth2me/essentials/EssentialsEcoBlockListener.java | 6 +++--- .../earth2me/essentials/EssentialsEcoPlayerListener.java | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Essentials/src/com/earth2me/essentials/EssentialsBlockListener.java b/Essentials/src/com/earth2me/essentials/EssentialsBlockListener.java index 1a7271cff..bd36b3ee4 100644 --- a/Essentials/src/com/earth2me/essentials/EssentialsBlockListener.java +++ b/Essentials/src/com/earth2me/essentials/EssentialsBlockListener.java @@ -70,7 +70,7 @@ public class EssentialsBlockListener extends BlockListener event.setLine(0, "§1[Protection]"); else event.setLine(0, "§4[Protection]"); - event.setLine(3, user.getName()); + event.setLine(3, user.getName().substring(0, 14)); return; } if (event.getLine(0).equalsIgnoreCase("[Disposal]")) @@ -249,11 +249,11 @@ public class EssentialsBlockListener extends BlockListener if (user.inGroup(line)) { return ALLOWED; } - } else if (line.equalsIgnoreCase(user.getName())) { + } else if (line.equalsIgnoreCase(user.getName().substring(0, 14))) { return ALLOWED; } } - if (sign.getLine(3).equalsIgnoreCase(user.getName())) + if (sign.getLine(3).equalsIgnoreCase(user.getName().substring(0, 14))) { return OWNER; } diff --git a/Essentials/src/com/earth2me/essentials/EssentialsEcoBlockListener.java b/Essentials/src/com/earth2me/essentials/EssentialsEcoBlockListener.java index 71812d4ef..9e1f14ed4 100644 --- a/Essentials/src/com/earth2me/essentials/EssentialsEcoBlockListener.java +++ b/Essentials/src/com/earth2me/essentials/EssentialsEcoBlockListener.java @@ -23,7 +23,7 @@ public class EssentialsEcoBlockListener extends BlockListener if (sign.getLine(0).equals("§1[Trade]")) { - if (!sign.getLine(3).substring(2).equals(user.getName())) { + if (!sign.getLine(3).substring(2).equals(user.getName().substring(0, 14))) { if (!user.isOp()) { event.setCancelled(true); } @@ -149,7 +149,7 @@ public class EssentialsEcoBlockListener extends BlockListener event.setLine(0, "§1[Trade]"); event.setLine(1, (m1 ? "$" + q1 : q1 + " " + l1[1]) + ":0"); event.setLine(2, (m2 ? "$" + q2 : q2 + " " + l2[1]) + ":" + r2); - event.setLine(3, "§8" + user.getName()); + event.setLine(3, "§8" + user.getName().substring(0, 14)); } catch (Throwable ex) { @@ -157,7 +157,7 @@ public class EssentialsEcoBlockListener extends BlockListener event.setLine(0, "§4[Trade]"); event.setLine(1, "# ItemOr$"); event.setLine(2, "# ItemOr$:#"); - event.setLine(3, "§8" + user.getName()); + event.setLine(3, "§8" + user.getName().substring(0, 14)); } return; } diff --git a/Essentials/src/com/earth2me/essentials/EssentialsEcoPlayerListener.java b/Essentials/src/com/earth2me/essentials/EssentialsEcoPlayerListener.java index 502517615..bbeb8d3f5 100644 --- a/Essentials/src/com/earth2me/essentials/EssentialsEcoPlayerListener.java +++ b/Essentials/src/com/earth2me/essentials/EssentialsEcoPlayerListener.java @@ -85,7 +85,7 @@ public class EssentialsEcoPlayerListener extends PlayerListener ItemStack qi1 = m1 ? null : ItemDb.get(l1[1], q1); ItemStack qi2 = m2 ? null : ItemDb.get(l2[1], q2); - if (user.getName().equals(sign.getLines()[3].substring(2))) + if (user.getName().substring(0, 14).equals(sign.getLines()[3].substring(2))) { if (m1) {