spawnrys/FUCK-CustomDiscs
1
0
Fork 0
mirror of https://github.com/SPAWNRYS-ban/FUCK-CustomDiscs.git synced 2025-12-10 13:30:24 +05:00
Code Issues Packages Projects Releases Wiki Activity

Vulnerability Fix

Browse Source 
This version patches a directory traversal vulerability.
This commit is contained in:
Navoei
2022-11-13 19:06:05 -06:00
parent e646b45af6
commit f308b64aa7
3 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
build.gradle
View File

@@ -36,7 +36,7 @@ dependencies {
implementation "io.papermc.paper:paper-api:${bukkit_version}" implementation "io.papermc.paper:paper-api:${bukkit_version}"
implementation "de.maxhenkel.voicechat:voicechat-api:${voicechat_api_version}" implementation "de.maxhenkel.voicechat:voicechat-api:${voicechat_api_version}"
implementation "com.comphenix.protocol:ProtocolLib:5.0.0-SNAPSHOT" compileOnly group: "com.comphenix.protocol", name: "ProtocolLib", version: "4.8.0";
} }

2
gradle.properties
View File

@@ -11,6 +11,6 @@ mod_id=customdiscsplugin
# Target an older API to make it compatible with older versions of Simple Voice Chat # Target an older API to make it compatible with older versions of Simple Voice Chat
voicechat_api_version=2.3.3 voicechat_api_version=2.3.3
plugin_version=2.2.2 plugin_version=2.2.3
maven_group=me.Navoei.customdiscsplugin maven_group=me.Navoei.customdiscsplugin
archives_base_name=custom-discs archives_base_name=custom-discs

4
src/main/java/me/Navoei/customdiscsplugin/command/SubCommands/CreateCommand.java
View File

@@ -53,6 +53,10 @@ public class CreateCommand extends SubCommand {
//Find file, if file not there then say "file not there" //Find file, if file not there then say "file not there"
String songname = ""; String songname = "";
String filename = args[1]; String filename = args[1];
if (filename.contains("../")) {
player.sendMessage(ChatColor.RED + "This is an invalid filename!");
return;
}
if (customName(readQuotes(args)).equalsIgnoreCase("")) { if (customName(readQuotes(args)).equalsIgnoreCase("")) {
player.sendMessage(ChatColor.RED + "You must provide a name for your disc."); player.sendMessage(ChatColor.RED + "You must provide a name for your disc.");