From 26432d719589eaaa4fce5afc528fcd745df97dc9 Mon Sep 17 00:00:00 2001
From: mcmonkey4eva
Date: Tue, 12 Jul 2016 11:24:52 -0700
Subject: [PATCH] Improve previous commit
---
 .../scripts/commands/core/LogCommand.java | 6 ++++--
 .../scripts/commands/core/YamlCommand.java | 7 ++++---
 .../aufdemrand/denizen/utilities/Utilities.java | 16 ++++++++++++++++
 3 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/src/main/java/net/aufdemrand/denizen/scripts/commands/core/LogCommand.java b/src/main/java/net/aufdemrand/denizen/scripts/commands/core/LogCommand.java
index 73d6fe3562..33f4f994b9 100644
--- a/src/main/java/net/aufdemrand/denizen/scripts/commands/core/LogCommand.java
+++ b/src/main/java/net/aufdemrand/denizen/scripts/commands/core/LogCommand.java
@@ -1,6 +1,7 @@
 package net.aufdemrand.denizen.scripts.commands.core;
 import net.aufdemrand.denizen.Settings;
+import net.aufdemrand.denizen.utilities.Utilities;
 import net.aufdemrand.denizen.utilities.debugging.DebugLog;
 import net.aufdemrand.denizen.utilities.debugging.dB;
 import net.aufdemrand.denizencore.exceptions.CommandExecutionException;
@@ -75,8 +76,9 @@ public void execute(ScriptEntry scriptEntry) throws CommandExecutionException {
 String directory = URLDecoder.decode(System.getProperty("user.dir"));
 File file = new File(directory, fileName.asString());
- if (file.getAbsolutePath().replace('\\', '/').contains("Denizen/scripts")) {
- dB.echoError(scriptEntry.getResidingQueue(), "Cannot log into the scripts folder!");
+ file.getParentFile().mkdirs();
+ if (!Utilities.isSafeFile(file)) {
+ dB.echoError(scriptEntry.getResidingQueue(), "Cannot log into that file!");
 return;
 }
diff --git a/src/main/java/net/aufdemrand/denizen/scripts/commands/core/YamlCommand.java b/src/main/java/net/aufdemrand/denizen/scripts/commands/core/YamlCommand.java
index d921c0ba0d..d08e91b012 100644
--- a/src/main/java/net/aufdemrand/denizen/scripts/commands/core/YamlCommand.java
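Review bot: In the `LogCommand.execute` hunk, `file.getParentFile().mkdirs();` now runs before the `Utilities.isSafeFile(file)` check, so a path that is then rejected has still had its parent directories created on disk; the `YamlCommand.execute` hunk does the same by moving `fileObj.getParentFile().mkdirs();` above its check. The file name comes from a script argument, so the command should have no filesystem side effect until the path has been accepted: keep the check first and call `file.getParentFile().mkdirs();` only after the `if (!Utilities.isSafeFile(file)) { ... return; }` block. `File.getCanonicalPath()` does not require the parent directory to exist, so the check itself should not depend on creating it first. Both `execute` bodies start and end outside their hunks.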
+++ b/src/main/java/net/aufdemrand/denizen/scripts/commands/core/YamlCommand.java
@@ -2,6 +2,7 @@
 import net.aufdemrand.denizen.Settings;
 import net.aufdemrand.denizen.utilities.DenizenAPI;
+import net.aufdemrand.denizen.utilities.Utilities;
 import net.aufdemrand.denizen.utilities.debugging.dB;
 import net.aufdemrand.denizencore.exceptions.CommandExecutionException;
 import net.aufdemrand.denizencore.exceptions.InvalidArgumentsException;
@@ -295,11 +296,11 @@ public void execute(final ScriptEntry scriptEntry) throws CommandExecutionExcept
 }
 File fileObj = new File(DenizenAPI.getCurrentInstance().
 getDataFolder().getAbsolutePath() + "/" + filename.asString());
- if (fileObj.getAbsolutePath().replace('\\', '/').contains("Denizen/scripts")) {
- dB.echoError(scriptEntry.getResidingQueue(), "Cannot edit the scripts folder!");
+ fileObj.getParentFile().mkdirs();
+ if (!Utilities.isSafeFile(fileObj)) {
+ dB.echoError(scriptEntry.getResidingQueue(), "Cannot edit that file!");
 return;
 }
- fileObj.getParentFile().mkdirs();
 FileWriter fw = new FileWriter(fileObj.getAbsoluteFile());
 BufferedWriter writer = new BufferedWriter(fw);
 writer.write(yamls.get(id).saveToString());
diff --git a/src/main/java/net/aufdemrand/denizen/utilities/Utilities.java b/src/main/java/net/aufdemrand/denizen/utilities/Utilities.java
index 6adef60506..ece16b462b 100644
--- a/src/main/java/net/aufdemrand/denizen/utilities/Utilities.java
+++ b/src/main/java/net/aufdemrand/denizen/utilities/Utilities.java
@@ -31,6 +31,22 @@
 */
 public class Utilities {
+ public static boolean isSafeFile(File f) {
+ try {
+ String lown = CoreUtilities.toLowerCase(f.getCanonicalPath());
+ if (lown.contains("denizen/config.yml")) {
+ return false;
+ }
+ if (lown.contains("denizen/scripts/")) {
+ return false;
+ }
+ return true;
+ }
+ catch (Exception ex) {
+ dB.echoError(ex);
+ return false;
+ }
+ }
 /**
 * Gets a Location within a range that an entity can walk in.
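Review bot: `isSafeFile` in Utilities.java matches the canonical path against `denizen/config.yml` and `denizen/scripts/` written with forward slashes, but `File.getCanonicalPath()` returns the platform separator, so on Windows neither `contains` test can match and both locations pass as safe; the lines this commit removes from the two commands normalised with `.replace('\\', '/')` first. Normalise before matching: `String lown = CoreUtilities.toLowerCase(f.getCanonicalPath()).replace('\\', '/');`. The method is also a two-entry denylist, so any other location the server process can write to is still accepted; consider additionally requiring the canonical path to sit under an intended base directory. A Javadoc comment stating which paths are refused and that any exception is treated as "not safe" would make the contract clear to the two callers.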