EngineHub / CommandBook

General and administrative commands
https://enginehub.org/commandbook/
GNU Lesser General Public License v3.0

Bad warp names may cause truncation of file #242

Closed LadyCailinBot closed 4 years ago

LadyCailinBot commented 10 years ago

CMDBOOK-2365 - Reported by sk89q

I got this PM:

Hi,

Could you please block special characters in cmdbook warp names ?

If someone makes a warp with \ in it, it will truncate the warps.cvs and in some cases (had it several times) down the server.

If you can catch it before the server reboots you can remove the offending warp and get your stuff back. If it reboots it EOFs at the \ and you're screwed. I just lost 1,000 warps. About 25% of the total we have.

If you could block anything non-alphanumeric that would be cool.

Thanks.

PS It's only a matter of time before douchebags start using this flaw to mess up people's servers maliciously.

LadyCailinBot commented 10 years ago

Comment by Dark_Arc

This may also affect bans, though to a lesser extent.

LadyCailinBot commented 10 years ago

Comment by Dark_Arc

Fixed https://github.com/sk89q/commandbook/commit/4e5ee58892a5f76b262934ef12795bc90a3034b5.

LadyCailinBot commented 10 years ago

Comment by Dark_Arc

Bans are a more complicated issue as I don't know, nor can I find, the spec for a valid Minecraft username.
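
The warp-name problem reported at the top of this thread, as an added example (not CommandBook's code and not the fix in the linked commit): a CSV writer that passes a backslash through unchanged, a reader that treats backslash as an escape character, and a save path that rejects non-alphanumeric names and verifies the round trip before anything is written. The reader setting, the 32-character limit, the function names and the sample rows are assumptions made for illustration.

```python
import csv
import io
import re

# Assumption: allowlist of ASCII letters and digits, as the reporter requested.
WARP_NAME = re.compile(r"[A-Za-z0-9]{1,32}")

def serialize(rows):
    """Write rows as quoted CSV; a backslash is written through unchanged."""
    buf = io.StringIO()
    csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n").writerows(rows)
    return buf.getvalue()

def parse(text):
    """Read CSV with backslash as the escape character (assumed reader setting)."""
    return list(csv.reader(io.StringIO(text, newline=""), escapechar="\\"))

def is_valid_warp_name(name):
    return WARP_NAME.fullmatch(name) is not None

def serialize_checked(rows):
    """Reject bad names, then confirm the output parses back to the input."""
    for row in rows:
        if not is_valid_warp_name(row[0]):
            raise ValueError(f"invalid warp name: {row[0]!r}")
    text = serialize(rows)
    if parse(text) != rows:
        raise ValueError("serialized warps do not round-trip; refusing to save")
    return text

# Constructed sample data: name, world, x, y, z
GOOD = [["spawn", "world", "0", "64", "0"], ["home", "world", "10", "70", "-5"]]
BAD = GOOD[:1] + [["oops\\", "world", "1", "2", "3"]] + GOOD[1:]

if __name__ == "__main__":
    # The trailing backslash escapes the closing quote, so fields run together.
    print(parse(serialize(BAD)))
    print(parse(serialize_checked(GOOD)) == GOOD)
```

The round-trip check in `serialize_checked` also catches any future character that the writer and reader disagree on, independent of the name allowlist.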