Closed zedwick closed 7 years ago
Currently, I'm not at home and I won't be able to work on this. I think I'll add regex filtering, as it is a great idea. In the meantime you can avoid the problem by executing a shell script instead of sending RCon commands (for example by using sed), but then you would have to be very careful about script injection...
Hello, I just wanted to tell you I finally got some time to complete your request. The feature is ready now, but I want to fix some old stuff before releasing a new version. Sorry for making you wait so long!
Ok, I released a new version. Here's a really simple example of some regex-filtering you might want to use, which replaces all \ with \\:
# [...]
# A list of actions to perform as soon as somebody votes for your server.
on-vote:
  # Sends one or more commands to a Minecraft RCon server.
  - action: 'rcon'
    # The IP address, port, and password of the RCon server.
    # Using a local IP address should be preferred, since the RCon protocol requires passwords to be sent as plaintext.
    server:
      ip: '0.0.0.0'
      port: 25575
      password: 'password'
    # The commands to send to the RCon server.
    # "${service-name}" will be replaced with the service the player has voted on (for example MCSL).
    # "${user-name}" will be replaced with the IGN of the player.
    # "${address}" will be replaced with the player's IP address.
    # "${timestamp}" will be replaced with the time stamp in which the player has voted. Format may vary depending on voting service.
    #
    # It is not recommended to use commands such as "give", "effect", etc., since they wouldn't work if the player is offline.
    # Instead, set a certain score (using the "scoreboard players set <player> <objective> <score> [dataTag]" command) and handle rewarding through an ingame Command Block clock which is always loaded.
    commands:
      - 'tellraw @a {"text":"${user-name} has just voted for this server on ${service-name}. Thanks!","color":"yellow"}'
      - 'scoreboard players add ${user-name} voted 1'
    regex-replace:
      '\\': '\\\\'
Thanks, I'll be testing this soon!
We've only tested with some fairly simple chat insertions, but it is possible to spam the chat by adding \n or other symbols to names given to server lists.
hello\nhello \n hello
In theory, but again untested, it may be possible to break out of a tellraw and insert a clickable action to run other commands.
Could you add a filter to prevent these, or maybe allow for regex filtering so we can add our own filters for certain words, symbols or code?
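An added example, not part of the thread or the project's code: a Python sketch of how the regex-replace rule from the config behaves on hostile vote names, and why an allowlist rule is the safer filter. It assumes the rules are applied to each placeholder value before substitution, uses Python's strict JSON parser as a stand-in for the game's, and the allowlist pattern, function names and sample names are constructed for illustration.

```python
import json
import re

# Constructed template modelled on the tellraw command in the config above.
TEMPLATE = ('tellraw @a {"text":"${user-name} has just voted on '
            '${service-name}. Thanks!","color":"yellow"}')

# Rule from the thread: a regex matching one backslash, replaced by two.
BACKSLASH_RULE = {r'\\': r'\\\\'}

# Assumed stricter rule: drop every character outside [A-Za-z0-9_].
ALLOWLIST_RULE = {r'[^A-Za-z0-9_]': ''}


def apply_rules(value, rules):
    """Run each pattern -> replacement pair over one untrusted value."""
    for pattern, replacement in rules.items():
        value = re.sub(pattern, replacement, value)
    return value


def render(template, vote, rules):
    """Filter each vote field, then substitute it into the command template."""
    out = template
    for key, value in vote.items():
        out = out.replace('${' + key + '}', apply_rules(value, rules))
    return out


def chat_text(command):
    """Return the text the JSON part would display, or None if the
    payload no longer parses into the two keys the template intended."""
    payload = command.split(' ', 2)[2]
    try:
        obj = json.loads(payload)
    except json.JSONDecodeError:
        return None
    return obj.get('text') if set(obj) == {'text', 'color'} else None


if __name__ == '__main__':
    # Constructed names: a literal backslash + n, and an embedded quote.
    for name in ('hello\\nhello', 'a"b'):
        vote = {'user-name': name, 'service-name': 'MCSL'}
        for label, rules in (('none', {}), ('backslash', BACKSLASH_RULE),
                             ('allowlist', ALLOWLIST_RULE)):
            print(label, repr(chat_text(render(TEMPLATE, vote, rules))))
```

The backslash rule stops the escape sequence from becoming a line break, but a name containing a double quote still corrupts the JSON; only the allowlist rule leaves a well-formed payload in both cases.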