Paper/Spigot-Server-Patches/0250-Fix-exploit-that-allowed-colored-signs-to-be-created.patch
Shane Freeder ea855e2b46 Updated Upstream (Bukkit/CraftBukkit/Spigot)
Upstream has released updates that appears to apply and compile correctly.
This update has not been tested by PaperMC and as with ANY update, please do your own testing

Developers!: You will need to clean up your work/Minecraft/1.13.2 folder
for this

Also, restore a patch that was dropped in the last upstream

Bukkit Changes:
279eeab3 Fix command description not being set
96e2bb18 Remove debug print from SyntheticEventTest

CraftBukkit Changes:
d3ed1516 Fix dangerously threaded beacons
217a293d Don't relocate joptsimple to allow --help to work.
1be05a21 Prepare for imminent Java 12 release
a49270b2 Mappings Update
5259d80c SPIGOT-4669: Fix PlayerTeleportEvent coordinates for relative teleports

Spigot Changes:
e6eb36f2 Rebuild patches
2019-03-20 01:55:16 +00:00

23 Zeilen
1.2 KiB
Diff

From c1f825af2f4c12870a088a79779702d2056911c5 Mon Sep 17 00:00:00 2001
From: 0x22 <0x22@futureclient.net>
Date: Thu, 26 Apr 2018 04:41:11 -0400
Subject: [PATCH] Fix exploit that allowed colored signs to be created
diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java
index 273385ee0..5ffb2cd34 100644
--- a/src/main/java/net/minecraft/server/PlayerConnection.java
+++ b/src/main/java/net/minecraft/server/PlayerConnection.java
@@ -2464,7 +2464,7 @@ public class PlayerConnection implements PacketListenerPlayIn, ITickable {
String[] lines = new String[4];
for (int i = 0; i < astring.length; ++i) {
- lines[i] = EnumChatFormat.b(new ChatComponentText(EnumChatFormat.b(astring[i])).getString());
+ lines[i] = SharedConstants.a(astring[i]); //Paper - Replaced with anvil color stripping method to stop exploits that allow colored signs to be created.
}
SignChangeEvent event = new SignChangeEvent((org.bukkit.craftbukkit.block.CraftBlock) player.getWorld().getBlockAt(x, y, z), this.server.getPlayer(this.player), lines);
this.server.getPluginManager().callEvent(event);
--
2.21.0