Fix baltop and confirm transfer buttons #99
Merged
MiniMessage won't render the <click…>…</click> tags if there are <> characters inside the tag. Due to that, replacements after rendering won't work.
Bug introduced in 26c9579 #90 1.7.0
One of the security concerns fixed in #90 was that description placeholders from inside the confirm command could affect the confirmation message or even inject a command. However, this is prevented by:
BankAccounts/src/main/java/pro/cloudnode/smp/bankaccounts/commands/BankCommand.java
Lines 506 to 507 in 5fb4c11
And for the baltop command, it cannot be exploited as it's always /<label> <page, verified int>
Note
Development jar with version 1.7.0 and this PR applied:
BankAccounts-0.0.0-SNAPSHOT.zip