mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-06-09 21:24:53 +00:00
Code Issues Projects Releases Wiki Activity

make username validation on login less stupid

Browse Source 
why are we checking if the username is valid AFTER we already tried to set it? it might not even be a string
This commit is contained in:
Dylan K. Taylor 2017-11-03 18:49:28 +00:00
parent 8ae663425f
commit 4533df17cf
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/pocketmine/Player.php
View File

@ -175,7 +175,11 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{
* *
* @return bool * @return bool
*/ */
public static function isValidUserName(string $name) : bool{ public static function isValidUserName(?string $name) : bool{
if($name === null){
return false;
}
$lname = strtolower($name); $lname = strtolower($name);
$len = strlen($name); $len = strlen($name);
return $lname !== "rcon" and $lname !== "console" and $len >= 1 and $len <= 16 and preg_match("/[^A-Za-z0-9_ ]/", $name) === 0; return $lname !== "rcon" and $lname !== "console" and $len >= 1 and $len <= 16 and preg_match("/[^A-Za-z0-9_ ]/", $name) === 0;
@ -1979,6 +1983,11 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{
return true; return true;
} }
if(!self::isValidUserName($packet->username)){
$this->close("", "disconnectionScreen.invalidName");
return true;
}
$this->username = TextFormat::clean($packet->username); $this->username = TextFormat::clean($packet->username);
$this->displayName = $this->username; $this->displayName = $this->username;
$this->iusername = strtolower($this->username); $this->iusername = strtolower($this->username);
@ -1992,11 +2001,6 @@ class Player extends Human implements CommandSender, ChunkLoader, IPlayer{
$this->uuid = UUID::fromString($packet->clientUUID); $this->uuid = UUID::fromString($packet->clientUUID);
$this->rawUUID = $this->uuid->toBinary(); $this->rawUUID = $this->uuid->toBinary();
if(!Player::isValidUserName($packet->username)){
$this->close("", "disconnectionScreen.invalidName");
return true;
}
$skin = new Skin( $skin = new Skin(
$packet->clientData["SkinId"], $packet->clientData["SkinId"],
base64_decode($packet->clientData["SkinData"] ?? ""), base64_decode($packet->clientData["SkinData"] ?? ""),