Rx3/Factions
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Color tags shouldn't work in descriptions any more; no more purple "[SERVER]" description messages to impersonate the console

Browse Source
This commit is contained in:
Brettflan 2011-12-16 04:21:21 -06:00
parent 064abfe16c
commit e19b16931d
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/com/massivecraft/factions/cmd/CmdDescription.java
View File

@ -32,13 +32,13 @@ public class CmdDescription extends FCommand
// if economy is enabled, they're not on the bypass list, and this command has a cost set, make 'em pay // if economy is enabled, they're not on the bypass list, and this command has a cost set, make 'em pay
if ( ! payForCommand(Conf.econCostDesc, "to change faction description", "for changing faction description")) return; if ( ! payForCommand(Conf.econCostDesc, "to change faction description", "for changing faction description")) return;
myFaction.setDescription(TextUtil.implode(args, " ")); myFaction.setDescription(TextUtil.implode(args, " ").replaceAll("(&([a-f0-9]))", "& $2")); // since "&" color tags seem to work even through plain old FPlayer.sendMessage() for some reason, we need to break those up
// Broadcast the description to everyone // Broadcast the description to everyone
for (FPlayer fplayer : FPlayers.i.getOnline()) for (FPlayer fplayer : FPlayers.i.getOnline())
{ {
fplayer.msg("<h>%s<i> changed their description to:", myFaction.describeTo(fplayer)); fplayer.msg("<h>%s<i> changed their description to:", myFaction.describeTo(fplayer));
fplayer.msg("<i>"+myFaction.getDescription()); fplayer.sendMessage(myFaction.getDescription()); // players can inject "&" or "`" or "<i>" or whatever in their description, thus exploitable (masquerade as server messages or whatever); by the way, &k is particularly interesting looking
} }
} }