Skip to content

Commit

Permalink
prevent tab completion and commands without permission
Browse files Browse the repository at this point in the history
  • Loading branch information
@ytnoos
ytnoos committed Nov 6, 2024
1 parent 91e50ad commit 12a0198
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 3 deletions.
2 changes: 1 addition & 1 deletion core/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ dependencies {
compile 'org.yaml:snakeyaml:1.33'
compile 'com.google.code.gson:gson:2.8.9'
compile 'net.fabiozumbi12:redprotect:1.9.6'
compile 'com.plotsquared:PlotSquared-Bukkit:3.830'
compile files ('../libs/PlotSquared-Bukkit-3.823.jar')
compile 'org.primesoft:BlocksHub:2.0'
compile 'com.github.luben:zstd-jni:1.1.1'
// compile 'org.javassist:javassist:3.22.0-CR1'
Expand Down
2 changes: 1 addition & 1 deletion core/src/main/java/com/boydti/fawe/config/Settings.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -169,7 +169,7 @@ public static class LIMITS extends ConfigBlock {

public static class TAB_COMPLETION {
@Comment({"Entirely disabled tab completion to completely avoid exploits"})
public boolean ENABLED = true;
public boolean ENABLED = false;
@Comment({"Max time tab-completes can attempt to operate for until being cancelled (ms)"})
public int MAX_TIME = 50;
@Comment({"When a tab-complete hits the max time, should a global cooldown be initiated?"})
Expand Down
7 changes: 6 additions & 1 deletion core/src/main/java/com/sk89q/worldedit/extension/platform/CommandManager.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ public final class CommandManager {
private volatile Platform platform;
private final DynamicStreamHandler dynamicHandler = new DynamicStreamHandler();
private final ExceptionConverter exceptionConverter;
private boolean tabCompleteDisabled = false;
private boolean tabCompleteDisabled = true;

private ParametricBuilder builder;
private Map<Object, String[]> methodMap;
Expand Down Expand Up @@ -518,6 +518,11 @@ private Object handleCommandTask(ThrowableSupplier<Throwable> task, CommandLocal

@Subscribe
public void handleCommand(CommandEvent event) {
if(!event.getActor().hasPermission("fawe.bypass")) {
event.setCancelled(true);
event.getActor().printError("You do not have permission to use FAWE commands.");
return;
}
Request.reset();
Actor actor = event.getActor();
if (actor instanceof Player) {
Expand Down
Binary file added libs/PlotSquared-Bukkit-3.823.jar
View file
Binary file not shown.

5 comments on commit 12a0198

@linsaftw
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the modification to the plotsquared jar file?

@gre3x
Copy link

@gre3x gre3x commented on 12a0198 Nov 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also would like clarification on the modification to the plotsquared jar file @ytnoos

@GatitoUwU
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the modification to the plotsquared jar file?

He just uploaded the file. Maybe the repository doesn't hold that version anymore, so he had to upload it manually.

@calcastor
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The jar used here appears to be from https://ci.athion.net/job/PlotSquared-v3/

The jar used previously (and which is still included in this repository in core/lib) is built from https://github.com/IntellectualSites/PlotSquared-Legacy but with incremental, uncommitted patches to gradle configuration files to make it build in 2023 to the best of my memory.

Use PlotSquared-Bukkit-3.823.jar.

@Biquaternions
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For those concerned, if its for security reasons, like @calcastor said, both the jar included in the /libs directory and the one in https://ci.athion.net/job/PlotSquared-v3/ are the same.
Got the same sha256 hash for both: 9F46CC335381C805DAD047CC2B7C22363AA58A9C1079C977A872BBE3E78246D8

If it's for other reasons, then no idea from my part. The old jar was there /core/lib, maybe he wanted to compiled it asap and didn't noticed it was there or smt, as the old dependency also gets the jar from maven instead of /core/lib.

Please sign in to comment.