search

pmmp / PocketMine-MP

A server software for Minecraft: Bedrock Edition in PHP
https://pmmp.io
GNU Lesser General Public License v3.0
3.25k stars 1.53k forks source link

No validation for Unicode encodings #2745

Closed dktapps closed 1 year ago

dktapps commented 5 years ago

Issue description

Since 1.9 a few problems have appeared within the client - notably freezes when invalid UTF-8 characters are found on signs. This is problematic because there are various entry points for arbitrary text modification within PocketMine-MP which are not checked for encoding validity and can be used to break the client.

In addition, I suspect (but have not yet confirmed) that TextFormat::clean() can turn valid UTF-8 text into broken gibberish, because the regex replacements in there are not unicode-safe.

dktapps commented 1 year ago

Fixed by 8fad5a6e30035c520d92216dbef5ff7cd1b71347.