SamsTheNerd / ducky-periphs

A peripheral addon mod for ComputerCraft Restitched

Keyboard does validate client-provided `BlockPos` #22

Closed SquidDev closed 12 months ago

SquidDev commented 1 year ago

The keyboard sends key presses from the client to the server by sending the key information along with the block position of the peripheral. However, this block position is not verified in any way, allowing a malicious client to type on any keyboard in the same dimension:

https://github.com/SamsTheNerd/ducky-periphs/blob/44d9ff06979cae39dd00e712f42f45a6684160d9/common/src/main/java/com/samsthenerd/duckyperiphs/peripherals/keyboards/KeyboardUtils.java#L20-L27

I think a cleaner option here is to do what CC:T does, and associate the packet with the currently opened container/screen handler (see ComputerServerMessage). This way all state is managed server side - in fact, you don't even need to send the block pos to the client!
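
The two packet-handling patterns discussed above, as an added example that is not part of the original issue and is not ducky-periphs or CC:T code. It is a stand-alone Java model: every class, field and method name is a hypothetical stand-in, and no Minecraft or ComputerCraft API is used.

```java
import java.util.*;

// Simplified model: these types are stand-ins, not Minecraft, CC:T or ducky-periphs classes.
public class KeyboardPacketDemo {
    record BlockPos(int x, int y, int z) {}

    static class Keyboard {                       // server-side peripheral state
        final List<Integer> keys = new ArrayList<>();
    }

    static class Player {
        Keyboard openKeyboard;                    // set by the server when the screen opens, null when closed
    }

    static final Map<BlockPos, Keyboard> WORLD = new HashMap<>();

    // Pattern the issue reports: the target position arrives in the packet and is trusted.
    static boolean handleKeyTrustingPos(Player sender, BlockPos pos, int key) {
        Keyboard kb = WORLD.get(pos);             // no check that sender has this keyboard open
        if (kb == null) return false;
        kb.keys.add(key);
        return true;
    }

    // Suggested pattern: the packet carries only the key; the target is resolved
    // from state the server already holds for the sending player.
    static boolean handleKeyFromOpenScreen(Player sender, int key) {
        Keyboard kb = sender.openKeyboard;
        if (kb == null) return false;             // no keyboard screen open: drop the packet
        kb.keys.add(key);
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample world: two keyboards, the sender has only the first one open.
        BlockPos nearPos = new BlockPos(0, 64, 0), farPos = new BlockPos(500, 64, 500);
        Keyboard near = new Keyboard(), far = new Keyboard();
        WORLD.put(nearPos, near);
        WORLD.put(farPos, far);
        Player sender = new Player();
        sender.openKeyboard = near;

        handleKeyTrustingPos(sender, farPos, 65); // packet names a keyboard the sender never opened
        System.out.println("trusting pos, far keyboard keys: " + far.keys);
        far.keys.clear();

        handleKeyFromOpenScreen(sender, 65);      // packet has no position to forge
        System.out.println("open screen, far keyboard keys: " + far.keys + ", near: " + near.keys);
    }
}
```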

SamsTheNerd commented 1 year ago

that does seem like a much better way of handling it.

looks like ComputerServerMessage varies a little bit between CC:R and CC:T so I'll make the change once I switch over to just CC:T for 1.20

SquidDev commented 1 year ago

Oh, you don't want to be using ComputerServerMessage! It's just to demonstrate the concept :).

SamsTheNerd commented 1 year ago

that does make more sense,, i'll throw it into the next (/hopefully last) 1.19 version then

SamsTheNerd commented 12 months ago

fixed in v1.2.3