From 78fb7896313f2074fa814309901e30d4a4f218e2 Mon Sep 17 00:00:00 2001 From: Howaner Date: Sat, 15 Nov 2014 15:16:52 +0100 Subject: Fixed a security problem with signs. --- src/Bindings/ManualBindings.cpp | 2 +- src/ClientHandle.cpp | 9 +++++++-- src/ClientHandle.h | 6 ++++++ src/World.cpp | 12 +++--------- src/World.h | 5 +---- 5 files changed, 18 insertions(+), 16 deletions(-) diff --git a/src/Bindings/ManualBindings.cpp b/src/Bindings/ManualBindings.cpp index 3d10e2abb..e259e2e91 100644 --- a/src/Bindings/ManualBindings.cpp +++ b/src/Bindings/ManualBindings.cpp @@ -1038,7 +1038,7 @@ static int tolua_cWorld_SetSignLines(lua_State * tolua_S) } #endif { - bool res = self->UpdateSign(BlockX, BlockY, BlockZ, Line1, Line2, Line3, Line4, Player); + bool res = self->SetSignLines(BlockX, BlockY, BlockZ, Line1, Line2, Line3, Line4, Player); tolua_pushboolean(tolua_S, res ? 1 : 0); } } diff --git a/src/ClientHandle.cpp b/src/ClientHandle.cpp index 94bace43a..9bf4875e2 100644 --- a/src/ClientHandle.cpp +++ b/src/ClientHandle.cpp @@ -93,6 +93,7 @@ cClientHandle::cClientHandle(const cSocket * a_Socket, int a_ViewDistance) : m_UniqueID(0), m_HasSentPlayerChunk(false), m_Locale("en_GB"), + m_LastPlacedBlock(0, -1, 0), m_ProtocolVersion(0) { m_Protocol = new cProtocolRecognizer(this); @@ -1500,6 +1501,8 @@ void cClientHandle::HandlePlaceBlock(int a_BlockX, int a_BlockY, int a_BlockZ, e { m_Player->GetInventory().RemoveOneEquippedItem(); } + m_LastPlacedBlock.Set(a_BlockX, a_BlockY, a_BlockZ); + cChunkInterface ChunkInterface(World->GetChunkMap()); NewBlock->OnPlacedByPlayer(ChunkInterface, *World, m_Player, a_BlockX, a_BlockY, a_BlockZ, a_BlockFace, a_CursorX, a_CursorY, a_CursorZ, BlockType, BlockMeta); @@ -1677,8 +1680,10 @@ void cClientHandle::HandleUpdateSign( const AString & a_Line3, const AString & a_Line4 ) { - cWorld * World = m_Player->GetWorld(); - World->UpdateSign(a_BlockX, a_BlockY, a_BlockZ, a_Line1, a_Line2, a_Line3, a_Line4, m_Player); + if (m_LastPlacedBlock.Equals(Vector3i(a_BlockX, a_BlockY, a_BlockZ))) + { + m_Player->GetWorld()->SetSignLines(a_BlockX, a_BlockY, a_BlockZ, a_Line1, a_Line2, a_Line3, a_Line4, m_Player); + } } diff --git a/src/ClientHandle.h b/src/ClientHandle.h index 082ed2fcc..a0dd4ff7a 100644 --- a/src/ClientHandle.h +++ b/src/ClientHandle.h @@ -125,6 +125,9 @@ public: inline bool IsLoggedIn(void) const { return (m_State >= csAuthenticating); } + /** Returns the positions from the last block that the player placed. */ + const Vector3i & GetLastPlacedBlock(void) const { return m_LastPlacedBlock; } // tolua_export + /** Called while the client is being ticked from the world via its cPlayer object */ void Tick(float a_Dt); @@ -432,6 +435,9 @@ private: /** Client Settings */ AString m_Locale; + + /** The positions from the last block that the player placed. It's needed to verify the sign text change. */ + Vector3i m_LastPlacedBlock; /** The plugin channels that the client has registered. */ cChannels m_PluginChannels; diff --git a/src/World.cpp b/src/World.cpp index 68855e617..3178d41a6 100644 --- a/src/World.cpp +++ b/src/World.cpp @@ -2926,25 +2926,19 @@ bool cWorld::SetSignLines(int a_BlockX, int a_BlockY, int a_BlockZ, const AStrin AString Line2(a_Line2); AString Line3(a_Line3); AString Line4(a_Line4); + if (cRoot::Get()->GetPluginManager()->CallHookUpdatingSign(*this, a_BlockX, a_BlockY, a_BlockZ, Line1, Line2, Line3, Line4, a_Player)) { return false; } + if (m_ChunkMap->SetSignLines(a_BlockX, a_BlockY, a_BlockZ, Line1, Line2, Line3, Line4)) { cRoot::Get()->GetPluginManager()->CallHookUpdatedSign(*this, a_BlockX, a_BlockY, a_BlockZ, Line1, Line2, Line3, Line4, a_Player); return true; } - return false; -} - - - - -bool cWorld::UpdateSign(int a_BlockX, int a_BlockY, int a_BlockZ, const AString & a_Line1, const AString & a_Line2, const AString & a_Line3, const AString & a_Line4, cPlayer * a_Player) -{ - return SetSignLines(a_BlockX, a_BlockY, a_BlockZ, a_Line1, a_Line2, a_Line3, a_Line4, a_Player); + return false; } diff --git a/src/World.h b/src/World.h index 1a9f60a5c..b209f71a7 100644 --- a/src/World.h +++ b/src/World.h @@ -377,11 +377,8 @@ public: /** Marks the chunk as failed-to-load: */ void ChunkLoadFailed(int a_ChunkX, int a_ChunkZ); - /** Sets the sign text, asking plugins for permission first. a_Player is the player who this change belongs to, may be nullptr. Returns true if sign text changed. Same as UpdateSign() */ + /** Sets the sign text, asking plugins for permission first. a_Player is the player who this change belongs to, may be nullptr. Returns true if sign text changed. */ bool SetSignLines(int a_BlockX, int a_BlockY, int a_BlockZ, const AString & a_Line1, const AString & a_Line2, const AString & a_Line3, const AString & a_Line4, cPlayer * a_Player = nullptr); // Exported in ManualBindings.cpp - - /** Sets the sign text, asking plugins for permission first. a_Player is the player who this change belongs to, may be nullptr. Returns true if sign text changed. Same as SetSignLines() */ - bool UpdateSign(int a_X, int a_Y, int a_Z, const AString & a_Line1, const AString & a_Line2, const AString & a_Line3, const AString & a_Line4, cPlayer * a_Player = nullptr); // Exported in ManualBindings.cpp /** Sets the command block command. Returns true if command changed. */ bool SetCommandBlockCommand(int a_BlockX, int a_BlockY, int a_BlockZ, const AString & a_Command); // tolua_export -- cgit v1.2.3