Vulnerability Fix

This version patches a directory traversal vulerability.
2025-12-10 13:30:24 +05:00 · 2022-11-13 19:06:05 -06:00
parent e646b45af6
commit f308b64aa7
3 changed files with 6 additions and 2 deletions
--- a/build.gradle
+++ b/build.gradle
@@ -36,7 +36,7 @@ dependencies {
    implementation "io.papermc.paper:paper-api:${bukkit_version}"
    implementation "de.maxhenkel.voicechat:voicechat-api:${voicechat_api_version}"

-    implementation "com.comphenix.protocol:ProtocolLib:5.0.0-SNAPSHOT"
+    compileOnly group: "com.comphenix.protocol", name: "ProtocolLib", version: "4.8.0";

 }

--- a/gradle.properties
+++ b/gradle.properties
@@ -11,6 +11,6 @@ mod_id=customdiscsplugin
 # Target an older API to make it compatible with older versions of Simple Voice Chat
 voicechat_api_version=2.3.3

-plugin_version=2.2.2
+plugin_version=2.2.3
 maven_group=me.Navoei.customdiscsplugin
 archives_base_name=custom-discs
--- a/src/main/java/me/Navoei/customdiscsplugin/command/SubCommands/CreateCommand.java
+++ b/src/main/java/me/Navoei/customdiscsplugin/command/SubCommands/CreateCommand.java
@@ -53,6 +53,10 @@ public class CreateCommand extends SubCommand {
                //Find file, if file not there then say "file not there"
                String songname = "";
                String filename = args[1];
+                if (filename.contains("../")) {
+                    player.sendMessage(ChatColor.RED + "This is an invalid filename!");
+                    return;
+                }

                if (customName(readQuotes(args)).equalsIgnoreCase("")) {
                    player.sendMessage(ChatColor.RED + "You must provide a name for your disc.");