Open DSSoftware opened 1 year ago
This looks like your first issue! Thank you for bringing this issue to our attention. Expect a developer to comment within the first 3-5 business days of issue submission.
Strip all message contents after certain message length (still testing).
Reason for unintended behavior:
Mineflayer Docs:
bot.chat(message) Sends a publicly broadcast chat message. Breaks up big messages into multiple chat messages as necessary.
Heya, thanks gonna check that out once I'm free
What's the issue:
Slicing long messages for several messages allows possible unauthorized command executions.
How to reproduce:
Command like this
1234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234567891234/gc hey
would execute command/gc hey
as a bot, but it needs adjustments so it slices the message right at the end of the placeholder string and sends the payload as another message.How to fix:
Simplest option is to remove slicing entirely OR add
IGN >
at the end of sliced string.