Color tags shouldn't work in descriptions any more; no more purple "[SERVER]" description messages to impersonate the console
This commit is contained in:
parent
064abfe16c
commit
e19b16931d
@ -32,13 +32,13 @@ public class CmdDescription extends FCommand
|
||||
// if economy is enabled, they're not on the bypass list, and this command has a cost set, make 'em pay
|
||||
if ( ! payForCommand(Conf.econCostDesc, "to change faction description", "for changing faction description")) return;
|
||||
|
||||
myFaction.setDescription(TextUtil.implode(args, " "));
|
||||
myFaction.setDescription(TextUtil.implode(args, " ").replaceAll("(&([a-f0-9]))", "& $2")); // since "&" color tags seem to work even through plain old FPlayer.sendMessage() for some reason, we need to break those up
|
||||
|
||||
// Broadcast the description to everyone
|
||||
for (FPlayer fplayer : FPlayers.i.getOnline())
|
||||
{
|
||||
fplayer.msg("<h>%s<i> changed their description to:", myFaction.describeTo(fplayer));
|
||||
fplayer.msg("<i>"+myFaction.getDescription());
|
||||
fplayer.sendMessage(myFaction.getDescription()); // players can inject "&" or "`" or "<i>" or whatever in their description, thus exploitable (masquerade as server messages or whatever); by the way, &k is particularly interesting looking
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user