From 243c12de7ca754c1a5f611c60bca8f45f678d965 Mon Sep 17 00:00:00 2001
From: "Dylan K. Taylor"
Date: Wed, 13 Feb 2019 14:37:40 +0000
Subject: [PATCH 1/3] EffectCommand: fix bounds check, closes #2055
---
 src/pocketmine/command/defaults/EffectCommand.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pocketmine/command/defaults/EffectCommand.php b/src/pocketmine/command/defaults/EffectCommand.php
index a13967bd1..e036021a3 100644
--- a/src/pocketmine/command/defaults/EffectCommand.php
+++ b/src/pocketmine/command/defaults/EffectCommand.php
@@ -83,7 +83,7 @@ class EffectCommand extends VanillaCommand{
 $amplification = 0;
 if(count($args) >= 3){
- if(($d = $this->getBoundedInt($sender, $args[2], 0, INT32_MAX)) === null){
+ if(($d = $this->getBoundedInt($sender, $args[2], 0, (int) (INT32_MAX / 20))) === null){
 return false;
 }
 $duration = $d * 20; //ticks
From 27767e7ddbefdc0ea1d9fad5e767d012dad9a4b7 Mon Sep 17 00:00:00 2001
From: Jack Noordhuis
Date: Mon, 11 Feb 2019 03:24:38 +1100
Subject: [PATCH 2/3] Verify player name command input, closes #2729, closes #2749
---
 src/pocketmine/command/defaults/DeopCommand.php | 3 +++
 src/pocketmine/command/defaults/OpCommand.php | 3 +++
 src/pocketmine/command/defaults/WhitelistCommand.php | 4 ++++
 3 files changed, 10 insertions(+)
diff --git a/src/pocketmine/command/defaults/DeopCommand.php b/src/pocketmine/command/defaults/DeopCommand.php
index df65f28ef..0dc92755f 100644
--- a/src/pocketmine/command/defaults/DeopCommand.php
+++ b/src/pocketmine/command/defaults/DeopCommand.php
@@ -53,6 +53,9 @@ class DeopCommand extends VanillaCommand{
 }
 $name = array_shift($args);
+ if(!Player::isValidUserName($name)){
+ throw new InvalidCommandSyntaxException();
+ }
 $player = $sender->getServer()->getOfflinePlayer($name);
 $player->setOp(false);
diff --git a/src/pocketmine/command/defaults/OpCommand.php b/src/pocketmine/command/defaults/OpCommand.php
index ec68a37c4..5f677a4ab 100644
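Review bot: The tick-rate literal `20` now appears twice in the EffectCommand hunk, once in the bound `(int) (INT32_MAX / 20)` and once in `$duration = $d * 20;`, and nothing ties the two together, so a later change to one of them silently reopens the overflow the bound is meant to prevent. `intdiv(INT32_MAX, 20)` would state the bound without the float division and cast. A short comment on the guard, e.g. `//cap seconds so that $d * 20 (ticks) still fits in int32`, would record why the limit is not plain `INT32_MAX`. The enclosing method starts and ends outside the hunk.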
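Review bot: The new `Player::isValidUserName($name)` guard in DeopCommand also closes the revocation path: a name that fails validation but was granted operator status before OpCommand gained the same check can no longer be removed with this command, because the exception is thrown before `setOp(false)` is reached. The WhitelistCommand hunk may have the same effect if its `switch` has a removal case (only `add` is visible there), since the guard sits before the `switch`. Consider enforcing the check only where an entry is created, or document the limitation next to the guard, e.g. `//names rejected here must be removed from the stored operator list by hand`. The enclosing methods start and end outside the hunks.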
--- a/src/pocketmine/command/defaults/OpCommand.php
+++ b/src/pocketmine/command/defaults/OpCommand.php
@@ -53,6 +53,9 @@ class OpCommand extends VanillaCommand{
 }
 $name = array_shift($args);
+ if(!Player::isValidUserName($name)){
+ throw new InvalidCommandSyntaxException();
+ }
 $player = $sender->getServer()->getOfflinePlayer($name);
 Command::broadcastCommandMessage($sender, new TranslationContainer("commands.op.success", [$player->getName()]));
diff --git a/src/pocketmine/command/defaults/WhitelistCommand.php b/src/pocketmine/command/defaults/WhitelistCommand.php
index 0a5872f57..81fb16f0b 100644
--- a/src/pocketmine/command/defaults/WhitelistCommand.php
+++ b/src/pocketmine/command/defaults/WhitelistCommand.php
@@ -27,6 +27,7 @@ use pocketmine\command\Command;
 use pocketmine\command\CommandSender;
 use pocketmine\command\utils\InvalidCommandSyntaxException;
 use pocketmine\lang\TranslationContainer;
+use pocketmine\Player;
 use pocketmine\utils\TextFormat;
 use function count;
 use function implode;
@@ -94,6 +95,9 @@ class WhitelistCommand extends VanillaCommand{
 if($this->badPerm($sender, strtolower($args[0]))){
 return false;
 }
+ if(!Player::isValidUserName($args[1])){
+ throw new InvalidCommandSyntaxException();
+ }
 switch(strtolower($args[0])){
 case "add":
 $sender->getServer()->getOfflinePlayer($args[1])->setWhitelisted(true);
From d52092888879b69d23c870ea8e1b13be9732af96 Mon Sep 17 00:00:00 2001
From: "Dylan K. Taylor"
Date: Wed, 13 Feb 2019 14:50:20 +0000
Subject: [PATCH 3/3] Fixed startup time measurement, closes #2713, closes #2750
---
 src/pocketmine/PocketMine.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/pocketmine/PocketMine.php b/src/pocketmine/PocketMine.php
index f136ba92a..16edabd03 100644
--- a/src/pocketmine/PocketMine.php
+++ b/src/pocketmine/PocketMine.php
@@ -177,7 +177,6 @@ namespace pocketmine {
 ini_set("default_charset", "utf-8");
 ini_set("memory_limit", '-1');
- define('pocketmine\START_TIME', microtime(true));
 define('pocketmine\RESOURCE_PATH', \pocketmine\PATH . 'src' . DIRECTORY_SEPARATOR . 'pocketmine' . DIRECTORY_SEPARATOR . 'resources' . DIRECTORY_SEPARATOR);
@@ -245,6 +244,8 @@ namespace pocketmine {
 }
 }
+ //TODO: move this to a Server field
+ define('pocketmine\START_TIME', microtime(true));
 ThreadManager::init();
 new Server($autoloader, $logger, \pocketmine\DATA, \pocketmine\PLUGIN_PATH);
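Review bot: `pocketmine\START_TIME` is now defined only immediately before `ThreadManager::init()`, so any code between its old position after the `ini_set` calls and this point that reads the constant would find it undefined. That stretch lies outside both hunks and should be checked. The added `//TODO: move this to a Server field` says where the value should eventually live but not why it is defined at this spot. A comment such as `//start the clock immediately before the server is constructed` would record what the measurement now covers.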