From 04dd8cc8873faa11892b12e76d460f9dc0c684f5 Mon Sep 17 00:00:00 2001
From: Zefir Kirilov
Date: Sun, 30 Jul 2023 17:11:16 +0300
Subject: [PATCH] disallow using `<>` characters in account names, descriptions, etc.
---
 .../smp/bankaccounts/commands/BankCommand.java | 15 +++++++++++++++
 .../smp/bankaccounts/commands/POSCommand.java | 7 +++++++
 src/main/resources/config.yml | 3 +++
 3 files changed, 25 insertions(+)
diff --git a/src/main/java/pro/cloudnode/smp/bankaccounts/commands/BankCommand.java b/src/main/java/pro/cloudnode/smp/bankaccounts/commands/BankCommand.java
index 11a7042..e7fc5a6 100644
--- a/src/main/java/pro/cloudnode/smp/bankaccounts/commands/BankCommand.java
+++ b/src/main/java/pro/cloudnode/smp/bankaccounts/commands/BankCommand.java
@@ -395,6 +395,14 @@ public static void setName(@NotNull CommandSender sender, String[] args, String
 String name = String.join(" ", Arrays.copyOfRange(args, 1, args.length)).trim();
 name = name.length() > 32 ? name.substring(0, 32) : name;
 name = name.length() == 0 ? null : name;
+
+ if (name != null && (name.contains("<") || name.contains(">"))) {
+ sender.sendMessage(MiniMessage.miniMessage().deserialize(Objects.requireNonNull(BankAccounts.getInstance().getConfig().getString("messages.errors.disallowed-characters")),
+ Placeholder.unparsed("characters", "<>")
+ ));
+ return;
+ }
+
 account.get().name = name;
 account.get().update();
 sender.sendMessage(Account.placeholders(Objects.requireNonNull(BankAccounts.getInstance().getConfig().getString("messages.name-set")), account.get()));
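Review bot: The new `name.contains("<") || name.contains(">")` guard filters input only, so a name stored before this commit, or written by any path this patch does not touch, would still be parsed as MiniMessage markup wherever it is rendered. The rendering side (for example `Account.placeholders(...)` in the last context line) is outside this diff, so that part is inferred. Treating the text as data at output is the sturdier fix: insert it with `Placeholder.unparsed(...)`, as this hunk already does for `characters`, or pass it through `MiniMessage.miniMessage().escapeTags(name)`, and keep the input check as defence in depth. A one-off cleanup of already stored names and descriptions would cover existing rows. setName starts and ends outside the hunk.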
@@ -530,6 +538,13 @@ public static void transfer(@NotNull CommandSender sender, String[] args, String String description = args.length > 3 ? String.join(" ", Arrays.copyOfRange(args, 3, args.length)).trim() : null; if (description != null && description.length() > 64) description = description.substring(0, 64); + if (description != null && (description.contains("<") || description.contains(">"))) { + sender.sendMessage(MiniMessage.miniMessage().deserialize(Objects.requireNonNull(BankAccounts.getInstance().getConfig().getString("messages.errors.disallowed-characters")), + Placeholder.unparsed("characters", "<>") + )); + return; + } + if (!confirm && BankAccounts.getInstance().getConfig().getBoolean("transfer-confirmation.enabled")) { // show confirmation if amount is above this BigDecimal minAmount = BigDecimal.valueOf(BankAccounts.getInstance().getConfig().getDouble("transfer-confirmation.min-amount")); diff --git a/src/main/java/pro/cloudnode/smp/bankaccounts/commands/POSCommand.java b/src/main/java/pro/cloudnode/smp/bankaccounts/commands/POSCommand.java index ccfc894..ef8df51 100644 --- a/src/main/java/pro/cloudnode/smp/bankaccounts/commands/POSCommand.java +++ b/src/main/java/pro/cloudnode/smp/bankaccounts/commands/POSCommand.java 
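Review bot: The guard added after the 64-character cap is a verbatim copy of the one in `setName` and of the one in `POSCommand.onCommand`, and each copy spells the character set three times (two `contains` calls and the `"<>"` shown to the user). One shared helper with the set held in a single constant keeps the three call sites from drifting and gives later free-text arguments an obvious place to be validated. It has to be reachable from `POSCommand` as well, so it cannot be private to `BankCommand`. The helper and constant names below are suggestions, and `transfer` continues outside the hunk.

```java
/** Tag delimiters that are rejected in player-supplied free text. */
static final String DISALLOWED_CHARACTERS = "<>";

/**
 * Tells the sender which characters are disallowed when {@code text} contains one of them.
 *
 * @param sender recipient of the error message
 * @param text   player-supplied text, may be {@code null}
 * @return {@code true} if {@code text} was rejected and the command should stop
 */
static boolean rejectDisallowedCharacters(@NotNull CommandSender sender, String text) {
    if (text == null || DISALLOWED_CHARACTERS.chars().noneMatch(c -> text.indexOf(c) >= 0)) return false;
    sender.sendMessage(MiniMessage.miniMessage().deserialize(
            Objects.requireNonNull(BankAccounts.getInstance().getConfig().getString("messages.errors.disallowed-characters")),
            Placeholder.unparsed("characters", DISALLOWED_CHARACTERS)
    ));
    return true;
}

// … unchanged: description parsing and 64-character cap …
if (rejectDisallowedCharacters(sender, description)) return;
```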
@@ -110,6 +110,13 @@ public boolean onCommand(final @NotNull CommandSender sender, final @NotNull Com final @Nullable String description = args.length > 2 ? String.join(" ", Arrays.copyOfRange(args, 2, args.length)) : null; + if (description != null && (description.contains("<") || description.contains(">"))) { + sender.sendMessage(MiniMessage.miniMessage().deserialize(Objects.requireNonNull(BankAccounts.getInstance().getConfig().getString("messages.errors.disallowed-characters")), + Placeholder.unparsed("characters", "<>") + )); + return true; + } + final POS pos = new POS(target.getLocation(), price, description, account.get(), new Date()); pos.save(); player.sendMessage(replacePlaceholders(Objects.requireNonNull(BankAccounts.getInstance().getConfig().getString("messages.pos-created")), pos)); diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml index 48a23a8..76b5be2 100644 --- a/src/main/resources/config.yml +++ b/src/main/resources/config.yml @@ -280,6 +280,9 @@ messages: no-card: "(!) You must hold your bank card to use this." pos-items-changed: "(!) The items in the chest have changed. POS cancelled." pos-create-business-only: "(!) You can only create a POS with a business account." + # Provided string includes disallowed characters + # Placeholder: - the disallowed characters + disallowed-characters: "(!) The provided string contains disallowed characters: " # Account balance # Available placeholders:
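Review bot: The description checked in the POSCommand hunk is built with `String.join(" ", Arrays.copyOfRange(args, 2, args.length))` and handed to `new POS(...)` without the `.trim()` and 64-character cut that `transfer` applies before the same check. Its length is therefore bounded only by whatever lies outside this hunk, so the character check is the only validation visible here. If nothing else limits it, apply the same normalisation as in `transfer`, starting with `String.join(" ", Arrays.copyOfRange(args, 2, args.length)).trim()` and the same length cap. Because the variable is declared `final`, that belongs in the initialiser or in a shared helper, not in a later reassignment. onCommand starts and ends outside the hunk.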