From 668d67d512d4c362fb4c5b2c11e017e9d7a6e0c5 Mon Sep 17 00:00:00 2001 From: Matt D Date: Mon, 21 Apr 2014 01:25:25 -0400 Subject: [PATCH 1/2] Fixes an exploit which allowed the player to set a new home while a warmup was in progress --- .../org/morganm/homespawnplus/HomeSpawnPlus.java | 8 +++++++- .../org/morganm/homespawnplus/commands/Home.java | 15 ++++++++++++++- .../morganm/homespawnplus/commands/SetHome.java | 8 ++++++++ .../morganm/homespawnplus/i18n/HSPMessages.java | 1 + src/main/resources/lang/hsp_de.properties | 1 + src/main/resources/lang/hsp_en.properties | 1 + src/main/resources/lang/hsp_es.properties | 1 + src/main/resources/lang/hsp_fr.properties | 1 + src/main/resources/lang/hsp_nl.properties | 1 + src/main/resources/lang/hsp_pt-br.properties | 1 + src/main/resources/lang/hsp_pt.properties | 1 + src/main/resources/lang/hsp_ru.properties | 1 + 12 files changed, 38 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/morganm/homespawnplus/HomeSpawnPlus.java b/src/main/java/org/morganm/homespawnplus/HomeSpawnPlus.java index c50b7c3..7948dfb 100644 --- a/src/main/java/org/morganm/homespawnplus/HomeSpawnPlus.java +++ b/src/main/java/org/morganm/homespawnplus/HomeSpawnPlus.java @@ -111,7 +111,13 @@ public class HomeSpawnPlus extends JavaPlugin { public final static String YAML_CONFIG_ROOT_PATH = "plugins/HomeSpawnPlus/"; public final static String YAML_BACKUP_FILE = YAML_CONFIG_ROOT_PATH + "backup.yml"; public final static String BASE_PERMISSION_NODE = "hsp"; - + + // This flag is used to prevent the execution of /sethome while the player + // is currently in a warmup. Without it, it is possible to create a new + // set point while mid-warmup which then allows the player to arbitrarily + // bounce between two /home points where only one may be allowed + public static boolean isInWarmup = false; + // These registrations are required for Bukkit's YAML serialization to work static { ConfigurationSerialization.registerClass(SerializableHome.class, "Home"); diff --git a/src/main/java/org/morganm/homespawnplus/commands/Home.java b/src/main/java/org/morganm/homespawnplus/commands/Home.java index 0c198c7..a9c3d24 100644 --- a/src/main/java/org/morganm/homespawnplus/commands/Home.java +++ b/src/main/java/org/morganm/homespawnplus/commands/Home.java @@ -76,6 +76,9 @@ public boolean execute(final Player p, final org.bukkit.command.Command command, String cooldownName = null; org.morganm.homespawnplus.entity.Home theHome = null; + if( hasWarmup(p, warmupName) ) + HomeSpawnPlus.isInWarmup = true; + StrategyResult result = null; Location l = null; if( args.length > 0 ) { @@ -85,6 +88,7 @@ public boolean execute(final Player p, final org.bukkit.command.Command command, if( args[0].startsWith("w:") ) { if( !plugin.hasPermission(p, OTHER_WORLD_PERMISSION) ) { util.sendLocalizedMessage(p, HSPMessages.CMD_HOME_NO_OTHERWORLD_PERMISSION); + HomeSpawnPlus.isInWarmup = false; return true; } @@ -92,12 +96,14 @@ public boolean execute(final Player p, final org.bukkit.command.Command command, theHome = util.getDefaultHome(p.getName(), worldName); if( theHome == null ) { util.sendLocalizedMessage(p, HSPMessages.CMD_HOME_NO_HOME_ON_WORLD, "world", worldName); + HomeSpawnPlus.isInWarmup = false; return true; } } else { if( !plugin.hasPermission(p, NAMED_HOME_PERMISSION) ) { util.sendLocalizedMessage(p, HSPMessages.CMD_HOME_NO_NAMED_HOME_PERMISSION); + HomeSpawnPlus.isInWarmup = false; return true; } @@ -120,6 +126,7 @@ public boolean execute(final Player p, final org.bukkit.command.Command command, if( l == null ) { util.sendLocalizedMessage(p, HSPMessages.CMD_HOME_NO_NAMED_HOME_FOUND, "name", homeName); + HomeSpawnPlus.isInWarmup = false; return true; } } @@ -130,8 +137,10 @@ public boolean execute(final Player p, final org.bukkit.command.Command command, } debug.debug("home command running cooldown check, cooldownName=",cooldownName); - if( !cooldownCheck(p, cooldownName) ) + if( !cooldownCheck(p, cooldownName) ) { + HomeSpawnPlus.isInWarmup = false; return true; + } final StrategyContext context; if( result != null ) @@ -147,6 +156,7 @@ public boolean execute(final Player p, final org.bukkit.command.Command command, if( playerDirectedArg && !p.getWorld().getName().equals(l.getWorld().getName()) && !plugin.hasPermission(p, OTHER_WORLD_PERMISSION) ) { util.sendLocalizedMessage(p, HSPMessages.CMD_HOME_NO_OTHERWORLD_PERMISSION); + HomeSpawnPlus.isInWarmup = false; return true; } @@ -166,9 +176,12 @@ public void run() { doHomeTeleport(p, finalL, cdName, context, finalHome, finalIsNamedHome); } + + HomeSpawnPlus.isInWarmup = false; } public void cancel() { + HomeSpawnPlus.isInWarmup = false; canceled = true; } diff --git a/src/main/java/org/morganm/homespawnplus/commands/SetHome.java b/src/main/java/org/morganm/homespawnplus/commands/SetHome.java index 21132e1..faef700 100644 --- a/src/main/java/org/morganm/homespawnplus/commands/SetHome.java +++ b/src/main/java/org/morganm/homespawnplus/commands/SetHome.java @@ -38,6 +38,7 @@ import org.bukkit.entity.Player; import org.morganm.homespawnplus.HomeSpawnPlus; import org.morganm.homespawnplus.command.BaseCommand; +import org.morganm.homespawnplus.i18n.Colors; import org.morganm.homespawnplus.i18n.HSPMessages; import org.morganm.homespawnplus.storage.Storage; @@ -64,6 +65,13 @@ public boolean execute(final Player p, final Command command, final String[] arg if( !isEnabled() || !hasPermission(p) ) return true; + if( HomeSpawnPlus.isInWarmup ) { + Colors.setDefaultColor("%rose%"); + util.sendLocalizedMessage(p, HSPMessages.WARMUP_IN_PROGRESS); + Colors.setDefaultColor("%yellow%"); + return true; + } + String cooldownName = null; String homeName = null; diff --git a/src/main/java/org/morganm/homespawnplus/i18n/HSPMessages.java b/src/main/java/org/morganm/homespawnplus/i18n/HSPMessages.java index 16adac3..1bba661 100644 --- a/src/main/java/org/morganm/homespawnplus/i18n/HSPMessages.java +++ b/src/main/java/org/morganm/homespawnplus/i18n/HSPMessages.java @@ -112,6 +112,7 @@ public enum HSPMessages { WARMUP_ALREADY_PENDING, WARMUP_CANCELLED_DAMAGE, WARMUP_CANCELLED_YOU_MOVED, + WARMUP_IN_PROGRESS, COOLDOWN_IN_EFFECT, diff --git a/src/main/resources/lang/hsp_de.properties b/src/main/resources/lang/hsp_de.properties index 36fd4ea..0cbb5aa 100644 --- a/src/main/resources/lang/hsp_de.properties +++ b/src/main/resources/lang/hsp_de.properties @@ -18,6 +18,7 @@ WARMUP_CANCELLED_DAMAGE=Du hast Schaden genommen! Warmup %name% abgebrochen. WARMUP_CANCELLED_YOU_MOVED=Du hast dich bewegt! Warmup %name% abgebrochen. WARMUP_STARTED=Warmup %name% gestartet, du musst noch %time% warten. WARMUP_ALREADY_PENDING=Dein Warmup für %name% läuft bereits. +WARMUP_IN_PROGRESS=Kann nicht erteilen Befehl beim Aufwärmen. COST_CHARGED=%price% eingezahlt um %command% zu nutzen. COST_ERROR=Fehler beim Abziehen von %price% deines Kontos: %errorMessage% diff --git a/src/main/resources/lang/hsp_en.properties b/src/main/resources/lang/hsp_en.properties index cd3f9e9..ad1fb57 100644 --- a/src/main/resources/lang/hsp_en.properties +++ b/src/main/resources/lang/hsp_en.properties @@ -69,6 +69,7 @@ WARMUP_CANCELLED_DAMAGE=You took damage! Warmup "%name%" cancelled. WARMUP_CANCELLED_YOU_MOVED=You moved! Warmup "%name%" cancelled. WARMUP_STARTED=Warmup "%name%" started, you must wait %seconds% seconds. WARMUP_ALREADY_PENDING=Warmup already pending for "%name%". +WARMUP_IN_PROGRESS=Cannot issue this command while warming up. COST_CHARGED=%price% charged for use of the %command% command. COST_ERROR=Error subtracting %price% from your account: %errorMessage% diff --git a/src/main/resources/lang/hsp_es.properties b/src/main/resources/lang/hsp_es.properties index 3c209d0..96cf906 100644 --- a/src/main/resources/lang/hsp_es.properties +++ b/src/main/resources/lang/hsp_es.properties @@ -69,6 +69,7 @@ WARMUP_CANCELLED_DAMAGE=Te has echo daño! Teletransporte "%name%" cancelado. WARMUP_CANCELLED_YOU_MOVED=Te has movido! Teletransporte "%name%" cancelado. WARMUP_STARTED=Teletransporte "%name%" iniciado, debes esperar %seconds% segundos. WARMUP_ALREADY_PENDING=Teletransporte pendiente a "%name%". +WARMUP_IN_PROGRESS=No se puede emitir comandos durante el calentamiento. COST_CHARGED=Gastado %price% por el uso del comando: "%command%". COST_ERROR=Error al cobrar %price% de tu cuenta: %errorMessage%. diff --git a/src/main/resources/lang/hsp_fr.properties b/src/main/resources/lang/hsp_fr.properties index 06d2ebf..f3d067b 100644 --- a/src/main/resources/lang/hsp_fr.properties +++ b/src/main/resources/lang/hsp_fr.properties @@ -73,6 +73,7 @@ WARMUP_CANCELLED_DAMAGE=Vous subissez des dommages ! Compte à rebours pour "%na WARMUP_CANCELLED_YOU_MOVED=Vous bougez ! Compte à rebours pour "%name%" annulé. Veuillez exécuter la commande de nouveau. WARMUP_STARTED=Veuillez patienter %seconds% secondes avant l'exécution de la commande "%name%". WARMUP_ALREADY_PENDING=Le compte à rebours est déjà lancé pour "%name%". +WARMUP_IN_PROGRESS=Vous ne pouvez pas lancer la commande pendant l'échauffement. COST_CHARGED=L'utilisation de la commande %command% vous coûte %price%. COST_ERROR=Erreur : Impossible de débiter votre compte de %price% : %errorMessage% diff --git a/src/main/resources/lang/hsp_nl.properties b/src/main/resources/lang/hsp_nl.properties index 9d91cf8..9dc7f37 100644 --- a/src/main/resources/lang/hsp_nl.properties +++ b/src/main/resources/lang/hsp_nl.properties @@ -79,6 +79,7 @@ WARMUP_CANCELLED_DAMAGE=%default_color%Je hebt schade opgelopen! Laden van "%nam WARMUP_CANCELLED_YOU_MOVED=%default_color%Je bent verplaatst! Laden van "%name%" geannuleerd. WARMUP_STARTED=%default_color%Laden van "%name%" begonnen, je moet %seconds% seconden wachten. WARMUP_ALREADY_PENDING=%default_color%Al aan het wachten op het laden van "%name%". +WARMUP_IN_PROGRESS=Kan niet meer afgeven commando tijdens het opwarmen. COOLDOWN_IN_EFFECT=%default_color%Cooldown "%name%" is bezig. Je moet nog %seconds% seconden wachten. diff --git a/src/main/resources/lang/hsp_pt-br.properties b/src/main/resources/lang/hsp_pt-br.properties index e1a5b27..c307065 100644 --- a/src/main/resources/lang/hsp_pt-br.properties +++ b/src/main/resources/lang/hsp_pt-br.properties @@ -72,6 +72,7 @@ WARMUP_CANCELLED_DAMAGE=Alguem bateu em voce! Intervalo "%name%" cancelado. WARMUP_CANCELLED_YOU_MOVED=Voce se moveu! Intervalo "%name%" cancelado. WARMUP_STARTED=Intervalo "%name%" iniciado, voce precisa aguardar %seconds% segundos. WARMUP_ALREADY_PENDING=Intervalo esta sendo processado para "%name%". +WARMUP_IN_PROGRESS=No pode emisso comando enquanto cobertor eltrico acima. COST_CHARGED=%price% retirado pelo uso do comando %command%. COST_ERROR=Erro ao tirar %price% da sua conta: %errorMessage% diff --git a/src/main/resources/lang/hsp_pt.properties b/src/main/resources/lang/hsp_pt.properties index 8d499f0..6679208 100644 --- a/src/main/resources/lang/hsp_pt.properties +++ b/src/main/resources/lang/hsp_pt.properties @@ -73,6 +73,7 @@ WARMUP_CANCELLED_DAMAGE=Voce tomou dano! Warmup "%name%" cancelado. WARMUP_CANCELLED_YOU_MOVED=Voce se moveu! Warmup "%name%" cancelado. WARMUP_STARTED=Warmup "%name%" iniciado, voce deve aguardar %seconds% segundos. WARMUP_ALREADY_PENDING=Warmup ja pendente para "%name%". +WARMUP_IN_PROGRESS=No pode edio comando enquanto cobertor elctrico acima. COST_CHARGED=%price% carregada para a utilizacao do comando %command%. COST_ERROR=Error tirando %price% da sua conta: %errorMessage% diff --git a/src/main/resources/lang/hsp_ru.properties b/src/main/resources/lang/hsp_ru.properties index e46e370..c95d8d6 100644 --- a/src/main/resources/lang/hsp_ru.properties +++ b/src/main/resources/lang/hsp_ru.properties @@ -68,6 +68,7 @@ WARMUP_CANCELLED_DAMAGE=Вы получили повреждения! Разог WARMUP_CANCELLED_YOU_MOVED=Вы двинулись! Разогрев "%name%" отменен. WARMUP_STARTED=Разогрев "%name%" начался, вы должны подождать %seconds% секунд. WARMUP_ALREADY_PENDING=Разогрев уже рассматривается "%name%". +WARMUP_IN_PROGRESS=Не можете выдать команду во время разминки. COOLDOWN_IN_EFFECT=Кулдаун "%name%" начал действовать. вы должны подождать %seconds% секунд. From 353a6f9d51d9b6ae7828f9336a14eda5d7ff2bd9 Mon Sep 17 00:00:00 2001 From: Matt D Date: Mon, 21 Apr 2014 01:32:21 -0400 Subject: [PATCH 2/2] Fixed erroneous changes in previous commit which conflicted with project indentation rules --- .../morganm/homespawnplus/commands/Home.java | 18 +++++++++--------- .../homespawnplus/i18n/HSPMessages.java | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/main/java/org/morganm/homespawnplus/commands/Home.java b/src/main/java/org/morganm/homespawnplus/commands/Home.java index a9c3d24..8c76e90 100644 --- a/src/main/java/org/morganm/homespawnplus/commands/Home.java +++ b/src/main/java/org/morganm/homespawnplus/commands/Home.java @@ -96,14 +96,14 @@ public boolean execute(final Player p, final org.bukkit.command.Command command, theHome = util.getDefaultHome(p.getName(), worldName); if( theHome == null ) { util.sendLocalizedMessage(p, HSPMessages.CMD_HOME_NO_HOME_ON_WORLD, "world", worldName); - HomeSpawnPlus.isInWarmup = false; + HomeSpawnPlus.isInWarmup = false; return true; } } else { if( !plugin.hasPermission(p, NAMED_HOME_PERMISSION) ) { util.sendLocalizedMessage(p, HSPMessages.CMD_HOME_NO_NAMED_HOME_PERMISSION); - HomeSpawnPlus.isInWarmup = false; + HomeSpawnPlus.isInWarmup = false; return true; } @@ -126,7 +126,7 @@ public boolean execute(final Player p, final org.bukkit.command.Command command, if( l == null ) { util.sendLocalizedMessage(p, HSPMessages.CMD_HOME_NO_NAMED_HOME_FOUND, "name", homeName); - HomeSpawnPlus.isInWarmup = false; + HomeSpawnPlus.isInWarmup = false; return true; } } @@ -138,8 +138,8 @@ public boolean execute(final Player p, final org.bukkit.command.Command command, debug.debug("home command running cooldown check, cooldownName=",cooldownName); if( !cooldownCheck(p, cooldownName) ) { - HomeSpawnPlus.isInWarmup = false; - return true; + HomeSpawnPlus.isInWarmup = false; + return true; } final StrategyContext context; @@ -156,7 +156,7 @@ public boolean execute(final Player p, final org.bukkit.command.Command command, if( playerDirectedArg && !p.getWorld().getName().equals(l.getWorld().getName()) && !plugin.hasPermission(p, OTHER_WORLD_PERMISSION) ) { util.sendLocalizedMessage(p, HSPMessages.CMD_HOME_NO_OTHERWORLD_PERMISSION); - HomeSpawnPlus.isInWarmup = false; + HomeSpawnPlus.isInWarmup = false; return true; } @@ -177,12 +177,12 @@ public void run() { finalHome, finalIsNamedHome); } - HomeSpawnPlus.isInWarmup = false; + HomeSpawnPlus.isInWarmup = false; } public void cancel() { - HomeSpawnPlus.isInWarmup = false; - canceled = true; + HomeSpawnPlus.isInWarmup = false; + canceled = true; } public void setPlayerName(String playerName) {} diff --git a/src/main/java/org/morganm/homespawnplus/i18n/HSPMessages.java b/src/main/java/org/morganm/homespawnplus/i18n/HSPMessages.java index 1bba661..0975d7a 100644 --- a/src/main/java/org/morganm/homespawnplus/i18n/HSPMessages.java +++ b/src/main/java/org/morganm/homespawnplus/i18n/HSPMessages.java @@ -112,7 +112,7 @@ public enum HSPMessages { WARMUP_ALREADY_PENDING, WARMUP_CANCELLED_DAMAGE, WARMUP_CANCELLED_YOU_MOVED, - WARMUP_IN_PROGRESS, + WARMUP_IN_PROGRESS, COOLDOWN_IN_EFFECT,