Patch SQL Injection vulnerability

AlexTheCoder 2018-09-15 15:18:54 -05:00
parent 6af25bd922
commit 3bf844f9bb

@ -17,7 +17,7 @@ import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.regex.Pattern;
import org.bukkit.Bukkit;
import org.bukkit.entity.Player;
@ -83,6 +83,8 @@ public class CoreClientManager extends MiniPlugin
}
private static final Map<String, Object> CLIENT_LOGIN_LOCKS = new ConcurrentHashMap<>();
private static final Pattern VALID_USERNAME = Pattern.compile("[a-zA-Z0-9_]{1,16}");
private JavaPlugin _plugin;
private AccountRepository _repository;
@ -365,6 +367,11 @@ public class CoreClientManager extends MiniPlugin
public void loadClientByName(String playerName, Consumer<CoreClient> loadedClient)
{
if (!VALID_USERNAME.matcher(playerName).find())
{
return;
}
runAsync(() ->
{
AtomicReference<CoreClient> loaded = new AtomicReference<>();
@ -436,6 +443,11 @@ public class CoreClientManager extends MiniPlugin
public void loadClientByNameSync(final String playerName, final Runnable runnable)
{
if (!VALID_USERNAME.matcher(playerName).find())
{
return;
}
try
{
ClientToken token = null;
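Review bot: The new guards in `loadClientByName` and `loadClientByNameSync` call `Matcher.find()`, which succeeds when any substring matches, so a name that merely contains one allowed character still passes `[a-zA-Z0-9_]{1,16}` whatever else surrounds it. A whole-string match is needed for the character-set and length limits to bind, for example `if (playerName == null || !VALID_USERNAME.matcher(playerName).matches())`. The early `return` also never invokes `loadedClient` or `runnable`, which may leave a caller waiting for a callback; whether it does depends on code outside these hunks. The query that consumes `playerName` is not visible here, and binding the name as a `PreparedStatement` parameter there would be the primary fix, with this pattern check as a second layer. Both method bodies continue past the end of their hunks.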