Patch SQL Injection vulnerability
parent
6af25bd922
commit
3bf844f9bb
@ -17,7 +17,7 @@ import java.util.concurrent.atomic.AtomicInteger;
|
|||||||
import java.util.concurrent.atomic.AtomicReference;
|
import java.util.concurrent.atomic.AtomicReference;
|
||||||
import java.util.function.BiConsumer;
|
import java.util.function.BiConsumer;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
import java.util.stream.Collectors;
|
import java.util.regex.Pattern;
|
||||||
|
|
||||||
import org.bukkit.Bukkit;
|
import org.bukkit.Bukkit;
|
||||||
import org.bukkit.entity.Player;
|
import org.bukkit.entity.Player;
|
||||||
@ -84,6 +84,8 @@ public class CoreClientManager extends MiniPlugin
|
|||||||
|
|
||||||
private static final Map<String, Object> CLIENT_LOGIN_LOCKS = new ConcurrentHashMap<>();
|
private static final Map<String, Object> CLIENT_LOGIN_LOCKS = new ConcurrentHashMap<>();
|
||||||
|
|
||||||
|
private static final Pattern VALID_USERNAME = Pattern.compile("[a-zA-Z0-9_]{1,16}");
|
||||||
|
|
||||||
private JavaPlugin _plugin;
|
private JavaPlugin _plugin;
|
||||||
private AccountRepository _repository;
|
private AccountRepository _repository;
|
||||||
private Map<UUID, CoreClient> _clientList = new HashMap<>();
|
private Map<UUID, CoreClient> _clientList = new HashMap<>();
|
||||||
@ -365,6 +367,11 @@ public class CoreClientManager extends MiniPlugin
|
|||||||
|
|
||||||
public void loadClientByName(String playerName, Consumer<CoreClient> loadedClient)
|
public void loadClientByName(String playerName, Consumer<CoreClient> loadedClient)
|
||||||
{
|
{
|
||||||
|
if (!VALID_USERNAME.matcher(playerName).find())
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
runAsync(() ->
|
runAsync(() ->
|
||||||
{
|
{
|
||||||
AtomicReference<CoreClient> loaded = new AtomicReference<>();
|
AtomicReference<CoreClient> loaded = new AtomicReference<>();
|
||||||
@ -436,6 +443,11 @@ public class CoreClientManager extends MiniPlugin
|
|||||||
|
|
||||||
public void loadClientByNameSync(final String playerName, final Runnable runnable)
|
public void loadClientByNameSync(final String playerName, final Runnable runnable)
|
||||||
{
|
{
|
||||||
|
if (!VALID_USERNAME.matcher(playerName).find())
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
ClientToken token = null;
|
ClientToken token = null;
|
||||||
|
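Review bot: The guard added at the top of `loadClientByName` and `loadClientByNameSync` uses `VALID_USERNAME.matcher(playerName).find()`, which succeeds as soon as any substring matches `[a-zA-Z0-9_]{1,16}`, so a name containing a single allowed character passes regardless of what else it holds and the check does not restrict the input. Anchor the match to the whole string and handle null in the same test: `if (playerName == null || !VALID_USERNAME.matcher(playerName).matches())`. The early `return` also never invokes `loadedClient` or `runnable`, so a caller waiting on the callback gets no signal that the lookup was rejected; this should be confirmed against the callers, which are outside the hunks, as are the rest of both method bodies. The pattern check is best kept as defence in depth, and the repository query that consumes `playerName` (not visible here) should bind it as a `PreparedStatement` parameter rather than concatenate it.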