From 4533df17cfdb7f03ed5fa024244853cf02807a1c Mon Sep 17 00:00:00 2001 From: "Dylan K. Taylor" Date: Fri, 3 Nov 2017 18:49:28 +0000 Subject: [PATCH] make username validation on login less stupid why are we checking if the username is valid AFTER we already tried to set it? it might not even be a string --- src/pocketmine/Player.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/pocketmine/Player.php b/src/pocketmine/Player.php index b4baf44f8..36d4ba917 100644 --- a/src/pocketmine/Player.php +++ b/src/pocketmine/Player.php @@ -175,7 +175,11 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{ * * @return bool */ - public static function isValidUserName(string $name) : bool{ + public static function isValidUserName(?string $name) : bool{ + if($name === null){ + return false; + } + $lname = strtolower($name); $len = strlen($name); return $lname !== "rcon" and $lname !== "console" and $len >= 1 and $len <= 16 and preg_match("/[^A-Za-z0-9_ ]/", $name) === 0; @@ -1979,6 +1983,11 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{ return true; } + if(!self::isValidUserName($packet->username)){ + $this->close("", "disconnectionScreen.invalidName"); + return true; + } + $this->username = TextFormat::clean($packet->username); $this->displayName = $this->username; $this->iusername = strtolower($this->username); @@ -1992,11 +2001,6 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{ $this->uuid = UUID::fromString($packet->clientUUID); $this->rawUUID = $this->uuid->toBinary(); - if(!Player::isValidUserName($packet->username)){ - $this->close("", "disconnectionScreen.invalidName"); - return true; - } - $skin = new Skin( $packet->clientData["SkinId"], base64_decode($packet->clientData["SkinData"] ?? ""),
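Review bot: The `?string` hint on isValidUserName lets only null reach the new guard, so any other non-string value is still handled by the engine before the body runs. An array raises a TypeError at the call, and a number is either coerced to a string or rejected the same way, depending on whether the file declares strict types (not visible in this hunk). The commit message says the username "might not even be a string", so if the packet field can carry such values, dropping the scalar hint and testing the type covers them: `public static function isValidUserName($name) : bool{` with `if(!is_string($name)){ return false; }`. The docblock's `@param` line sits above the hunk and would need the same update.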
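Review bot: The guard added in the login handler validates the raw `$packet->username`, while the next statement stores `TextFormat::clean($packet->username)`, so the checked string and the stored string are produced separately. With the character class in isValidUserName a passing name should leave nothing for clean() to strip, but clean() is not visible here. A comment above the assignment would record that assumption, e.g. `// validated above: only [A-Za-z0-9_ ] can reach this point, clean() is expected to be a no-op`. The rejection path calls `$this->close("", "disconnectionScreen.invalidName")` with an empty first argument; if that argument is the reason written to the server log (close() is outside the hunk), a non-empty value would make rejected logins visible to operators. The handler itself starts and ends outside the hunk.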