mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-06-06 11:57:10 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request from GHSA-c6fg-99pr-25m9

Browse Source 
* Skin: impose length limits on skinID, geometryName and geometryData fields

* Skin: remove extra newline
This commit is contained in:
Dylan T 2022-01-04 20:40:55 +00:00 committed by GitHub
parent 68f3399cfd
commit 958a9dbf0f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/pocketmine/entity/Skin.php
View File

@ -28,6 +28,7 @@ use function implode;
use function in_array;
use function json_encode;
use function strlen;
use const INT32_MAX;
class Skin{
public const ACCEPTED_SKIN_SIZES = [
@ -67,10 +68,20 @@ class Skin{
}
}
private static function checkLength(string $string, string $name, int $maxLength) : void{
if(strlen($string) > $maxLength){
throw new InvalidSkinException("$name must be at most $maxLength bytes, but have " . strlen($string) . " bytes");
}
}
/**
* @throws InvalidSkinException
*/
public function validate() : void{
self::checkLength($this->skinId, "Skin ID", 32767);
self::checkLength($this->geometryName, "Geometry name", 32767);
self::checkLength($this->geometryData, "Geometry data", INT32_MAX);
if($this->skinId === ""){
throw new InvalidSkinException("Skin ID must not be empty");
}