From b730a9659f67fda08d8de3a9eb395bef9dfdfe72 Mon Sep 17 00:00:00 2001 From: Aikar Date: Wed, 27 Feb 2019 22:18:40 -0500 Subject: [PATCH] Strip extra Sign data to/from client modified clients can send abnormally large data from the client to the server and it would get stored on the sign as sent. the client can barely render around 16 characters as-is, but formatting codes can get it to be more than 16 actual length. Set a limit of 80 which should give an average of 16 characters 2 sets of legacy formatting codes which should be plenty for all uses. This does not strip any existing data from the NBT as plugins may use this for storing data out of the rendered area. it only impacts data sent to and from the client. Set -DPaper.maxSignLength=XX to change limit or -1 to disable diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java index 04344a371..9b857a8d1 100644 --- a/src/main/java/net/minecraft/server/PlayerConnection.java +++ b/src/main/java/net/minecraft/server/PlayerConnection.java @@ -2543,6 +2543,11 @@ public class PlayerConnection implements PacketListenerPlayIn, ITickable { String[] lines = new String[4]; for (int i = 0; i < astring.length; ++i) { + // Paper start - cap line length - modified clients can send longer data than normal + if (astring[i].length() > TileEntitySign.MAX_SIGN_LINE_LENGTH && TileEntitySign.MAX_SIGN_LINE_LENGTH > 0) { + astring[i] = astring[i].substring(0, TileEntitySign.MAX_SIGN_LINE_LENGTH); + } + // Paper end lines[i] = SharedConstants.a(astring[i]); //Paper - Replaced with anvil color stripping method to stop exploits that allow colored signs to be created. } SignChangeEvent event = new SignChangeEvent((org.bukkit.craftbukkit.block.CraftBlock) player.getWorld().getBlockAt(x, y, z), this.server.getPlayer(this.player), lines); diff --git a/src/main/java/net/minecraft/server/TileEntitySign.java b/src/main/java/net/minecraft/server/TileEntitySign.java index c2bcbbbab..05fb2eea5 100644 --- a/src/main/java/net/minecraft/server/TileEntitySign.java +++ b/src/main/java/net/minecraft/server/TileEntitySign.java @@ -1,6 +1,7 @@ package net.minecraft.server; import com.mojang.brigadier.exceptions.CommandSyntaxException; + import javax.annotation.Nullable; public class TileEntitySign extends TileEntity implements ICommandListener { @@ -14,17 +15,31 @@ public class TileEntitySign extends TileEntity implements ICommandListener { // Paper start - Strip invalid unicode from signs on load private static final boolean keepInvalidUnicode = Boolean.getBoolean("Paper.keepInvalidUnicode"); // Allow people to keep their bad unicode if they really want it private boolean privateUnicodeRemoved = false; + public static final int MAX_SIGN_LINE_LENGTH = Integer.getInteger("Paper.maxSignLength", 80); // Paper end public TileEntitySign() { super(TileEntityTypes.SIGN); } + // Paper start public NBTTagCompound save(NBTTagCompound nbttagcompound) { + return save(nbttagcompound, false); + } + public NBTTagCompound save(NBTTagCompound nbttagcompound, boolean filterLines) { + // Paper end super.save(nbttagcompound); for (int i = 0; i < 4; ++i) { - String s = IChatBaseComponent.ChatSerializer.a(this.lines[i]); + // Paper start + String component = org.bukkit.craftbukkit.util.CraftChatMessage.fromComponent(lines[i]); + + if (filterLines && MAX_SIGN_LINE_LENGTH > 0 && component.length() > MAX_SIGN_LINE_LENGTH) { + component = component.substring(0, MAX_SIGN_LINE_LENGTH); + } + + String s = org.bukkit.craftbukkit.util.CraftChatMessage.toJSON(org.bukkit.craftbukkit.util.CraftChatMessage.fromString(component)[0]); + // Paper end nbttagcompound.setString("Text" + (i + 1), s); } @@ -118,7 +133,7 @@ public class TileEntitySign extends TileEntity implements ICommandListener { } public NBTTagCompound aa_() { - return this.save(new NBTTagCompound()); + return this.save(new NBTTagCompound(), true); // Paper - filter lines } public boolean isFilteredNBT() { -- 2.21.0