Merge pull request #23 from SenseiKiwi/master

Added Name Filtering to CommandEndDungeonCreation
StevenRS11 2013-06-14 23:42:09 -07:00
commit 98b0992b3c


@ -1,17 +1,18 @@
package StevenDimDoors.mod_pocketDim.commands; package StevenDimDoors.mod_pocketDim.commands;
import StevenDimDoors.mod_pocketDim.DDProperties; import java.util.regex.Pattern;
import StevenDimDoors.mod_pocketDim.DungeonGenerator;
import StevenDimDoors.mod_pocketDim.mod_pocketDim;
import StevenDimDoors.mod_pocketDim.helpers.DungeonHelper;
import StevenDimDoors.mod_pocketDim.helpers.dimHelper;
import net.minecraft.command.CommandBase; import net.minecraft.command.CommandBase;
import net.minecraft.command.ICommandSender; import net.minecraft.command.ICommandSender;
import net.minecraft.entity.player.EntityPlayer; import net.minecraft.entity.player.EntityPlayer;
import StevenDimDoors.mod_pocketDim.DDProperties;
import StevenDimDoors.mod_pocketDim.DungeonGenerator;
import StevenDimDoors.mod_pocketDim.mod_pocketDim;
public class CommandEndDungeonCreation extends CommandBase public class CommandEndDungeonCreation extends CommandBase
{ {
private static DDProperties properties = null; private static DDProperties properties = null;
private static Pattern nameFilter = Pattern.compile("[A-Za-z0-9_]+");
public CommandEndDungeonCreation() public CommandEndDungeonCreation()
{ {
@ -26,9 +27,7 @@ public class CommandEndDungeonCreation extends CommandBase
@Override @Override
public void processCommand(ICommandSender var1, String[] var2) public void processCommand(ICommandSender var1, String[] var2)
{ {
EntityPlayer player = this.getCommandSenderAsPlayer(var1); EntityPlayer player = this.getCommandSenderAsPlayer(var1);
if(!mod_pocketDim.dungeonHelper.customDungeonStatus.containsKey(player.worldObj.provider.dimensionId)) if(!mod_pocketDim.dungeonHelper.customDungeonStatus.containsKey(player.worldObj.provider.dimensionId))
@ -58,6 +57,9 @@ public class CommandEndDungeonCreation extends CommandBase
player.sendChatToPlayer("Must name file"); player.sendChatToPlayer("Must name file");
} }
else if(!player.worldObj.isRemote) else if(!player.worldObj.isRemote)
{
//Check that the dungeon name is valid to prevent directory traversal and other forms of abuse
if (nameFilter.matcher(var2[0]).matches())
{ {
DungeonGenerator newDungeon = mod_pocketDim.dungeonHelper.exportDungeon(player.worldObj, x, y, z, properties.CustomSchematicDirectory + "/" + var2[0] + ".schematic"); DungeonGenerator newDungeon = mod_pocketDim.dungeonHelper.exportDungeon(player.worldObj, x, y, z, properties.CustomSchematicDirectory + "/" + var2[0] + ".schematic");
player.sendChatToPlayer("created dungeon schematic in " + properties.CustomSchematicDirectory +"/"+var2[0]+".schematic"); player.sendChatToPlayer("created dungeon schematic in " + properties.CustomSchematicDirectory +"/"+var2[0]+".schematic");
@ -70,6 +72,11 @@ public class CommandEndDungeonCreation extends CommandBase
} }
} }
else
{
player.sendChatToPlayer("Invalid schematic name. Please use only letters, numbers, and underscores.");
}
}
// TODO Auto-generated method stub // TODO Auto-generated method stub
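Review bot: The allow-list check at `if (nameFilter.matcher(var2[0]).matches())` guards only this command, while the target path is still built by string concatenation and passed to `exportDungeon`. Any other caller of that helper (none is visible in this diff) would get no traversal protection, so it is worth also checking inside the helper that the canonical path of the output file stays under `properties.CustomSchematicDirectory`. The pattern puts no upper bound on the name length and the field is mutable; `private static final Pattern NAME_FILTER = Pattern.compile("[A-Za-z0-9_]{1,64}");` would address both (64 is a suggested cap, not taken from the project). The filter also does not stop a valid name from matching an existing schematic, so if overwriting is not intended, an existence check before the export belongs here too. The body of `processCommand` starts and ends outside the hunks shown, so the earlier argument-count handling cannot be confirmed from this page.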