Merge pull request from GHSA-p62j-hrxm-xcxf

This checks the following things:
- Validity of UTF-8 encoding of title, author, and page content
- Maximum soft and hard lengths of title, author, and page content (soft
  limits may be bypassed by uncancelling PlayerEditBookEvent; hard
  limits may not be bypassed)
- Maximum number of pages. Books with more than 50 pages may still be
  edited, but may not have new pages added.
This commit is contained in:
Dylan T
2022-01-04 20:39:02 +00:00
committed by GitHub
parent aeab19a616
commit 3ed57ce49a
3 changed files with 75 additions and 7 deletions


@@ -23,17 +23,32 @@ declare(strict_types=1);
namespace pocketmine\item;
use pocketmine\utils\Limits;
use pocketmine\utils\Utils;
use function sprintf;
use function strlen;
class WritableBookPage{
public const PAGE_LENGTH_HARD_LIMIT_BYTES = Limits::INT16_MAX;
public const PHOTO_NAME_LENGTH_HARD_LIMIT_BYTES = Limits::INT16_MAX;
/** @var string */
private $text;
/** @var string */
private $photoName;
/**
* @throws \InvalidArgumentException
*/
private static function checkLength(string $string, string $name, int $maxLength) : void{
if(strlen($string) > $maxLength){
throw new \InvalidArgumentException(sprintf("$name must be at most %d bytes, but have %d bytes", $maxLength, strlen($string)));
}
}
public function __construct(string $text, string $photoName = ""){
//TODO: data validation
self::checkLength($text, "Text", self::PAGE_LENGTH_HARD_LIMIT_BYTES);
self::checkLength($photoName, "Photo name", self::PHOTO_NAME_LENGTH_HARD_LIMIT_BYTES);
Utils::checkUTF8($text);
$this->text = $text;
$this->photoName = $photoName;
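Review bot: Utils::checkUTF8 is applied to $text right after the two length checks but not to $photoName, so a photo name that fits the byte limit can still carry invalid UTF-8 into the object; adding `Utils::checkUTF8($photoName);` next to the existing call puts both constructor arguments under the same validation. In checkLength, `$name` is interpolated into the sprintf format string; it is only called with the literals "Text" and "Photo name" here, but passing it as an argument — `sprintf("%s must be at most %d bytes, but have %d bytes", $name, $maxLength, strlen($string))` — keeps the format string constant and avoids a surprise should a caller ever pass a name containing `%`. The constructor now throws \InvalidArgumentException but has no docblock saying so, and the same applies to setAuthor and setTitle in WrittenBook, whose docblocks (which start outside their hunks) show only `@return $this`; each should gain `@throws \InvalidArgumentException` naming the length and UTF-8 conditions. The constructor body continues outside the hunk.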


@@ -24,7 +24,10 @@ declare(strict_types=1);
namespace pocketmine\item;
use pocketmine\nbt\tag\CompoundTag;
use pocketmine\utils\Limits;
use pocketmine\utils\Utils;
use function sprintf;
use function strlen;
class WrittenBook extends WritableBookBase{
@@ -85,6 +88,9 @@ class WrittenBook extends WritableBookBase{
* @return $this
*/
public function setAuthor(string $authorName) : self{
if(strlen($authorName) > Limits::INT16_MAX){
throw new \InvalidArgumentException(sprintf("Author must be at most %d bytes, but have %d bytes", Limits::INT16_MAX, strlen($authorName)));
}
Utils::checkUTF8($authorName);
$this->author = $authorName;
return $this;
@@ -103,6 +109,9 @@ class WrittenBook extends WritableBookBase{
* @return $this
*/
public function setTitle(string $title) : self{
if(strlen($title) > Limits::INT16_MAX){
throw new \InvalidArgumentException(sprintf("Title must be at most %d bytes, but have %d bytes", Limits::INT16_MAX, strlen($title)));
}
Utils::checkUTF8($title);
$this->title = $title;
return $this;