Merge pull request #23 from SenseiKiwi/master
Added Name Filtering to CommandEndDungeonCreation
This commit is contained in:
commit
98b0992b3c
1 changed files with 23 additions and 16 deletions
|
@ -1,17 +1,18 @@
|
||||||
package StevenDimDoors.mod_pocketDim.commands;
|
package StevenDimDoors.mod_pocketDim.commands;
|
||||||
|
|
||||||
import StevenDimDoors.mod_pocketDim.DDProperties;
|
import java.util.regex.Pattern;
|
||||||
import StevenDimDoors.mod_pocketDim.DungeonGenerator;
|
|
||||||
import StevenDimDoors.mod_pocketDim.mod_pocketDim;
|
|
||||||
import StevenDimDoors.mod_pocketDim.helpers.DungeonHelper;
|
|
||||||
import StevenDimDoors.mod_pocketDim.helpers.dimHelper;
|
|
||||||
import net.minecraft.command.CommandBase;
|
import net.minecraft.command.CommandBase;
|
||||||
import net.minecraft.command.ICommandSender;
|
import net.minecraft.command.ICommandSender;
|
||||||
import net.minecraft.entity.player.EntityPlayer;
|
import net.minecraft.entity.player.EntityPlayer;
|
||||||
|
import StevenDimDoors.mod_pocketDim.DDProperties;
|
||||||
|
import StevenDimDoors.mod_pocketDim.DungeonGenerator;
|
||||||
|
import StevenDimDoors.mod_pocketDim.mod_pocketDim;
|
||||||
|
|
||||||
public class CommandEndDungeonCreation extends CommandBase
|
public class CommandEndDungeonCreation extends CommandBase
|
||||||
{
|
{
|
||||||
private static DDProperties properties = null;
|
private static DDProperties properties = null;
|
||||||
|
private static Pattern nameFilter = Pattern.compile("[A-Za-z0-9_]+");
|
||||||
|
|
||||||
public CommandEndDungeonCreation()
|
public CommandEndDungeonCreation()
|
||||||
{
|
{
|
||||||
|
@ -26,9 +27,7 @@ public class CommandEndDungeonCreation extends CommandBase
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void processCommand(ICommandSender var1, String[] var2)
|
public void processCommand(ICommandSender var1, String[] var2)
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
EntityPlayer player = this.getCommandSenderAsPlayer(var1);
|
EntityPlayer player = this.getCommandSenderAsPlayer(var1);
|
||||||
|
|
||||||
if(!mod_pocketDim.dungeonHelper.customDungeonStatus.containsKey(player.worldObj.provider.dimensionId))
|
if(!mod_pocketDim.dungeonHelper.customDungeonStatus.containsKey(player.worldObj.provider.dimensionId))
|
||||||
|
@ -58,6 +57,9 @@ public class CommandEndDungeonCreation extends CommandBase
|
||||||
player.sendChatToPlayer("Must name file");
|
player.sendChatToPlayer("Must name file");
|
||||||
}
|
}
|
||||||
else if(!player.worldObj.isRemote)
|
else if(!player.worldObj.isRemote)
|
||||||
|
{
|
||||||
|
//Check that the dungeon name is valid to prevent directory traversal and other forms of abuse
|
||||||
|
if (nameFilter.matcher(var2[0]).matches())
|
||||||
{
|
{
|
||||||
DungeonGenerator newDungeon = mod_pocketDim.dungeonHelper.exportDungeon(player.worldObj, x, y, z, properties.CustomSchematicDirectory + "/" + var2[0] + ".schematic");
|
DungeonGenerator newDungeon = mod_pocketDim.dungeonHelper.exportDungeon(player.worldObj, x, y, z, properties.CustomSchematicDirectory + "/" + var2[0] + ".schematic");
|
||||||
player.sendChatToPlayer("created dungeon schematic in " + properties.CustomSchematicDirectory +"/"+var2[0]+".schematic");
|
player.sendChatToPlayer("created dungeon schematic in " + properties.CustomSchematicDirectory +"/"+var2[0]+".schematic");
|
||||||
|
@ -70,6 +72,11 @@ public class CommandEndDungeonCreation extends CommandBase
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
player.sendChatToPlayer("Invalid schematic name. Please use only letters, numbers, and underscores.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// TODO Auto-generated method stub
|
// TODO Auto-generated method stub
|
||||||
|
|
Loading…
Reference in a new issue