spawnrys/FUCK-CustomDiscs
1
0
Fork 0
mirror of https://github.com/SPAWNRYS-ban/FUCK-CustomDiscs.git synced 2026-03-26 20:28:12 +05:00
Code Issues Packages Projects Releases Wiki Activity

Vulnerability Fix

Browse Source 
This version patches a directory traversal vulerability.
This commit is contained in:
Navoei
2022-11-13 19:06:05 -06:00
parent e646b45af6
commit f308b64aa7
3 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/java/me/Navoei/customdiscsplugin/command/SubCommands/CreateCommand.java
View File

@@ -53,6 +53,10 @@ public class CreateCommand extends SubCommand {
//Find file, if file not there then say "file not there"
String songname = "";
String filename = args[1];
if (filename.contains("../")) {
player.sendMessage(ChatColor.RED + "This is an invalid filename!");
return;
}
if (customName(readQuotes(args)).equalsIgnoreCase("")) {
player.sendMessage(ChatColor.RED + "You must provide a name for your disc.");