Closed ArabianPandaMC closed 2 months ago
I can confirm this is indeed an issue.
Critical placeholders like %player_ip%
are sometimes blocked by anti-advertisement.
Server RAM can be displayed.
This was tested on Minecraft 1.20.4 inside a channel. I'm not currently aware if this will work outside of a channel.
Will be fixed in the next update! Thanks for reporting and sorry for the delay.
Describe the bug
Players are able to parse placeholders in chat/pms.
How to reproduce
By simply writing a placeholder in chat, it will parse it for you, this creates a major security issue as sensitive placeholders may be used, sending a user a private message will also parse the placeholder for them.
Screenshots / Videos
No response
Server Log
No response