You can parse placeholders by simply typing them

AdvancedPlugins / Chat

The Best Chat Plugin for Spigot Servers, including AI chat monitoring, endless formatting capabilities, custom commands and way more

3 stars 2 forks source link

You can parse placeholders by simply typing them #33

Closed ArabianPandaMC closed 2 months ago

ArabianPandaMC commented 2 months ago

Describe the bug

Players are able to parse placeholders in chat/pms.

How to reproduce

By simply writing a placeholder in chat, it will parse it for you, this creates a major security issue as sensitive placeholders may be used, sending a user a private message will also parse the placeholder for them.

Screenshots / Videos

No response

Server Log

No response

Schroddinger commented 2 months ago

I can confirm this is indeed an issue. Critical placeholders like %player_ip% are sometimes blocked by anti-advertisement.

Server RAM can be displayed.

This was tested on Minecraft 1.20.4 inside a channel. I'm not currently aware if this will work outside of a channel.

ThomasWega commented 2 months ago

Will be fixed in the next update! Thanks for reporting and sorry for the delay.