From be102dc95fdd3ea690b63f54dae469155f4605d1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 11:51:31 +0000 Subject: [PATCH 01/13] Bump ncipollo/release-action from 1.13.0 to 1.14.0 (#6250) Bumps [ncipollo/release-action](https://github.com/ncipollo/release-action) from 1.13.0 to 1.14.0. - [Release notes](https://github.com/ncipollo/release-action/releases) - [Commits](https://github.com/ncipollo/release-action/compare/v1.13.0...v1.14.0) --- updated-dependencies: - dependency-name: ncipollo/release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/draft-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index 77467fad2..9b780b4e3 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -86,7 +86,7 @@ jobs: ${{ github.workspace }}/build_info.json - name: Create draft release - uses: ncipollo/release-action@v1.13.0 + uses: ncipollo/release-action@v1.14.0 with: artifacts: ${{ github.workspace }}/PocketMine-MP.phar,${{ github.workspace }}/start.*,${{ github.workspace }}/build_info.json commit: ${{ github.sha }} From 53cbc44d707c7b23f57c9b03ac12150bb5a4b74a Mon Sep 17 00:00:00 2001 From: Dylan T Date: Thu, 15 Feb 2024 14:51:34 +0000 Subject: [PATCH 02/13] Update PULL_REQUEST_TEMPLATE.md [ci skip] --- .github/PULL_REQUEST_TEMPLATE.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 8a541dfec..022518e81 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -34,7 +34,10 @@ Requires translations: ## Tests +I tested this PR by doing the following (tick all that apply): +- [ ] Writing PHPUnit tests (commit these in the `tests/phpunit` folder) +- [ ] Playtesting using a Minecraft client (provide screenshots or a video) +- [ ] Writing a test plugin (provide the code and sample output) +- [ ] Other (provide details) From db894e3a4a5bb9a80b3ac07ac91f58bdaf15176a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20Le=C3=B3n?= <58715544+JavierLeon9966@users.noreply.github.com> Date: Fri, 16 Feb 2024 16:52:10 +0000 Subject: [PATCH 03/13] Fixed `Utils::cloneObjectArray()` template signature (#6255) --- src/utils/Utils.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/utils/Utils.php b/src/utils/Utils.php index f5ec5f8e4..46d673216 100644 --- a/src/utils/Utils.php +++ b/src/utils/Utils.php @@ -173,16 +173,17 @@ final class Utils{ } /** - * @phpstan-template T of object + * @phpstan-template TKey of array-key + * @phpstan-template TValue of object * * @param object[] $array - * @phpstan-param T[] $array + * @phpstan-param array $array * * @return object[] - * @phpstan-return T[] + * @phpstan-return array */ public static function cloneObjectArray(array $array) : array{ - /** @phpstan-var \Closure(T) : T $callback */ + /** @phpstan-var \Closure(TValue) : TValue $callback */ $callback = self::cloneCallback(); return array_map($callback, $array); } From 44ce9ca610f4bfcd815a50ba6f7ab30e31d099c7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 16:16:16 +0000 Subject: [PATCH 04/13] Bump phpstan/phpstan from 1.10.57 to 1.10.58 (#6260) Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 1.10.57 to 1.10.58. - [Release notes](https://github.com/phpstan/phpstan/releases) - [Changelog](https://github.com/phpstan/phpstan/blob/1.11.x/CHANGELOG.md) - [Commits](https://github.com/phpstan/phpstan/compare/1.10.57...1.10.58) --- updated-dependencies: - dependency-name: phpstan/phpstan dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- composer.json | 2 +- composer.lock | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/composer.json b/composer.json index 47e798b16..f99c44dc5 100644 --- a/composer.json +++ b/composer.json @@ -52,7 +52,7 @@ "symfony/filesystem": "~6.4.0" }, "require-dev": { - "phpstan/phpstan": "1.10.57", + "phpstan/phpstan": "1.10.58", "phpstan/phpstan-phpunit": "^1.1.0", "phpstan/phpstan-strict-rules": "^1.2.0", "phpunit/phpunit": "~10.3.0 || ~10.2.0 || ~10.1.0" diff --git a/composer.lock b/composer.lock index 47aeeaeca..876e52fb7 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "d923f5fd75f0d33eb5198268a74a58b4", + "content-hash": "9e781d0fef7796616b0580e7b06cc6d1", "packages": [ { "name": "adhocore/json-comment", @@ -1380,16 +1380,16 @@ }, { "name": "phpstan/phpstan", - "version": "1.10.57", + "version": "1.10.58", "source": { "type": "git", "url": "https://github.com/phpstan/phpstan.git", - "reference": "1627b1d03446904aaa77593f370c5201d2ecc34e" + "reference": "a23518379ec4defd9e47cbf81019526861623ec2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpstan/zipball/1627b1d03446904aaa77593f370c5201d2ecc34e", - "reference": "1627b1d03446904aaa77593f370c5201d2ecc34e", + "url": "https://api.github.com/repos/phpstan/phpstan/zipball/a23518379ec4defd9e47cbf81019526861623ec2", + "reference": "a23518379ec4defd9e47cbf81019526861623ec2", "shasum": "" }, "require": { @@ -1438,7 +1438,7 @@ "type": "tidelift" } ], - "time": "2024-01-24T11:51:34+00:00" + "time": "2024-02-12T20:02:57+00:00" }, { "name": "phpstan/phpstan-phpunit", From e06b042cd033c25798d25531fac5e66f71b9daf0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 16:16:28 +0000 Subject: [PATCH 05/13] Bump pmmp/setup-php-action from 2.0.0 to 3.0.0 (#6259) Bumps [pmmp/setup-php-action](https://github.com/pmmp/setup-php-action) from 2.0.0 to 3.0.0. - [Release notes](https://github.com/pmmp/setup-php-action/releases) - [Commits](https://github.com/pmmp/setup-php-action/compare/2.0.0...3.0.0) --- updated-dependencies: - dependency-name: pmmp/setup-php-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/main-php-matrix.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main-php-matrix.yml b/.github/workflows/main-php-matrix.yml index 110f8d0ed..846459748 100644 --- a/.github/workflows/main-php-matrix.yml +++ b/.github/workflows/main-php-matrix.yml @@ -30,7 +30,7 @@ jobs: - uses: actions/checkout@v4 - name: Setup PHP - uses: pmmp/setup-php-action@2.0.0 + uses: pmmp/setup-php-action@3.0.0 with: php-version: ${{ inputs.php }} install-path: "./bin" @@ -62,7 +62,7 @@ jobs: - uses: actions/checkout@v4 - name: Setup PHP - uses: pmmp/setup-php-action@2.0.0 + uses: pmmp/setup-php-action@3.0.0 with: php-version: ${{ inputs.php }} install-path: "./bin" @@ -96,7 +96,7 @@ jobs: submodules: true - name: Setup PHP - uses: pmmp/setup-php-action@2.0.0 + uses: pmmp/setup-php-action@3.0.0 with: php-version: ${{ inputs.php }} install-path: "./bin" @@ -128,7 +128,7 @@ jobs: - uses: actions/checkout@v4 - name: Setup PHP - uses: pmmp/setup-php-action@2.0.0 + uses: pmmp/setup-php-action@3.0.0 with: php-version: ${{ inputs.php }} install-path: "./bin" From 6872661fd03649cc7a8762c41c16e9ee5a4de1c9 Mon Sep 17 00:00:00 2001 From: "Dylan K. Taylor" Date: Fri, 23 Feb 2024 14:10:02 +0000 Subject: [PATCH 06/13] Harden JsonMapper on login JSON handling --- composer.json | 2 +- composer.lock | 29 +++++++++---------- src/network/mcpe/auth/ProcessLoginTask.php | 2 ++ .../mcpe/handler/LoginPacketHandler.php | 2 ++ 4 files changed, 19 insertions(+), 16 deletions(-) diff --git a/composer.json b/composer.json index f99c44dc5..c3f94ad34 100644 --- a/composer.json +++ b/composer.json @@ -32,7 +32,7 @@ "ext-zlib": ">=1.2.11", "composer-runtime-api": "^2.0", "adhocore/json-comment": "~1.2.0", - "pocketmine/netresearch-jsonmapper": "~v4.2.1000", + "pocketmine/netresearch-jsonmapper": "~v4.4.999", "pocketmine/bedrock-block-upgrade-schema": "~3.5.0+bedrock-1.20.60", "pocketmine/bedrock-data": "~2.8.0+bedrock-1.20.60", "pocketmine/bedrock-item-upgrade-schema": "~1.7.0+bedrock-1.20.60", diff --git a/composer.lock b/composer.lock index 876e52fb7..9254bdff4 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "9e781d0fef7796616b0580e7b06cc6d1", + "content-hash": "14848cb7b70d0fa63ed46b30128c2320", "packages": [ { "name": "adhocore/json-comment", @@ -200,21 +200,20 @@ }, { "name": "pocketmine/bedrock-protocol", - "version": "27.0.1+bedrock-1.20.60", + "version": "27.0.2+bedrock-1.20.60", "source": { "type": "git", "url": "https://github.com/pmmp/BedrockProtocol.git", - "reference": "0cebb55f6e904f722b14d420f6b2c84c7fa69f10" + "reference": "6905865133b69da8c95a13c563d349e1993c06b8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pmmp/BedrockProtocol/zipball/0cebb55f6e904f722b14d420f6b2c84c7fa69f10", - "reference": "0cebb55f6e904f722b14d420f6b2c84c7fa69f10", + "url": "https://api.github.com/repos/pmmp/BedrockProtocol/zipball/6905865133b69da8c95a13c563d349e1993c06b8", + "reference": "6905865133b69da8c95a13c563d349e1993c06b8", "shasum": "" }, "require": { "ext-json": "*", - "netresearch/jsonmapper": "^4.0", "php": "^8.1", "pocketmine/binaryutils": "^0.2.0", "pocketmine/color": "^0.2.0 || ^0.3.0", @@ -241,9 +240,9 @@ "description": "An implementation of the Minecraft: Bedrock Edition protocol in PHP", "support": { "issues": "https://github.com/pmmp/BedrockProtocol/issues", - "source": "https://github.com/pmmp/BedrockProtocol/tree/27.0.1+bedrock-1.20.60" + "source": "https://github.com/pmmp/BedrockProtocol/tree/27.0.2+bedrock-1.20.60" }, - "time": "2024-02-07T11:53:50+00:00" + "time": "2024-02-23T13:43:39+00:00" }, { "name": "pocketmine/binaryutils", @@ -563,16 +562,16 @@ }, { "name": "pocketmine/netresearch-jsonmapper", - "version": "v4.2.1000", + "version": "v4.4.999", "source": { "type": "git", "url": "https://github.com/pmmp/netresearch-jsonmapper.git", - "reference": "078764e869e9b732f97206ec9363480a77c35532" + "reference": "9a6610033d56e358e86a3e4fd5f87063c7318833" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pmmp/netresearch-jsonmapper/zipball/078764e869e9b732f97206ec9363480a77c35532", - "reference": "078764e869e9b732f97206ec9363480a77c35532", + "url": "https://api.github.com/repos/pmmp/netresearch-jsonmapper/zipball/9a6610033d56e358e86a3e4fd5f87063c7318833", + "reference": "9a6610033d56e358e86a3e4fd5f87063c7318833", "shasum": "" }, "require": { @@ -586,7 +585,7 @@ "netresearch/jsonmapper": "~4.2.0" }, "require-dev": { - "phpunit/phpunit": "~7.5 || ~8.0 || ~9.0", + "phpunit/phpunit": "~7.5 || ~8.0 || ~9.0 || ~10.0", "squizlabs/php_codesniffer": "~3.5" }, "type": "library", @@ -611,9 +610,9 @@ "support": { "email": "cweiske@cweiske.de", "issues": "https://github.com/cweiske/jsonmapper/issues", - "source": "https://github.com/pmmp/netresearch-jsonmapper/tree/v4.2.1000" + "source": "https://github.com/pmmp/netresearch-jsonmapper/tree/v4.4.999" }, - "time": "2023-07-14T10:44:14+00:00" + "time": "2024-02-23T13:17:01+00:00" }, { "name": "pocketmine/raklib", diff --git a/src/network/mcpe/auth/ProcessLoginTask.php b/src/network/mcpe/auth/ProcessLoginTask.php index 607b75c89..9078fca75 100644 --- a/src/network/mcpe/auth/ProcessLoginTask.php +++ b/src/network/mcpe/auth/ProcessLoginTask.php @@ -135,6 +135,7 @@ class ProcessLoginTask extends AsyncTask{ $mapper = new \JsonMapper(); $mapper->bExceptionOnMissingData = true; $mapper->bExceptionOnUndefinedProperty = true; + $mapper->bStrictObjectTypeChecking = true; $mapper->bEnforceMapType = false; try{ @@ -181,6 +182,7 @@ class ProcessLoginTask extends AsyncTask{ $mapper = new \JsonMapper(); $mapper->bExceptionOnUndefinedProperty = false; //we only care about the properties we're using in this case $mapper->bExceptionOnMissingData = true; + $mapper->bStrictObjectTypeChecking = true; $mapper->bEnforceMapType = false; $mapper->bRemoveUndefinedAttributes = true; try{ diff --git a/src/network/mcpe/handler/LoginPacketHandler.php b/src/network/mcpe/handler/LoginPacketHandler.php index 26e2bf028..2e3a51519 100644 --- a/src/network/mcpe/handler/LoginPacketHandler.php +++ b/src/network/mcpe/handler/LoginPacketHandler.php @@ -169,6 +169,7 @@ class LoginPacketHandler extends PacketHandler{ $mapper->bEnforceMapType = false; //TODO: we don't really need this as an array, but right now we don't have enough models $mapper->bExceptionOnMissingData = true; $mapper->bExceptionOnUndefinedProperty = true; + $mapper->bStrictObjectTypeChecking = true; try{ /** @var AuthenticationData $extraData */ $extraData = $mapper->map($claims["extraData"], new AuthenticationData()); @@ -197,6 +198,7 @@ class LoginPacketHandler extends PacketHandler{ $mapper->bEnforceMapType = false; //TODO: we don't really need this as an array, but right now we don't have enough models $mapper->bExceptionOnMissingData = true; $mapper->bExceptionOnUndefinedProperty = true; + $mapper->bStrictObjectTypeChecking = true; try{ $clientData = $mapper->map($clientDataClaims, new ClientData()); }catch(\JsonMapper_Exception $e){ From db665fefdbec044f155625f3fbc5c9d17c28e1bd Mon Sep 17 00:00:00 2001 From: "Dylan K. Taylor" Date: Fri, 23 Feb 2024 14:10:24 +0000 Subject: [PATCH 07/13] Harden JsonMapper defaults in general --- .../bedrock/block/upgrade/BlockStateUpgradeSchemaUtils.php | 3 +++ src/data/bedrock/item/upgrade/ItemIdMetaUpgradeSchemaUtils.php | 3 +++ src/resourcepacks/ZippedResourcePack.php | 1 + src/updater/UpdateCheckTask.php | 1 + 4 files changed, 8 insertions(+) diff --git a/src/data/bedrock/block/upgrade/BlockStateUpgradeSchemaUtils.php b/src/data/bedrock/block/upgrade/BlockStateUpgradeSchemaUtils.php index 82e777134..9c63d51f0 100644 --- a/src/data/bedrock/block/upgrade/BlockStateUpgradeSchemaUtils.php +++ b/src/data/bedrock/block/upgrade/BlockStateUpgradeSchemaUtils.php @@ -389,6 +389,9 @@ final class BlockStateUpgradeSchemaUtils{ } $jsonMapper = new \JsonMapper(); + $jsonMapper->bExceptionOnMissingData = true; + $jsonMapper->bExceptionOnUndefinedProperty = true; + $jsonMapper->bStrictObjectTypeChecking = true; try{ $model = $jsonMapper->map($json, new BlockStateUpgradeSchemaModel()); }catch(\JsonMapper_Exception $e){ diff --git a/src/data/bedrock/item/upgrade/ItemIdMetaUpgradeSchemaUtils.php b/src/data/bedrock/item/upgrade/ItemIdMetaUpgradeSchemaUtils.php index ef1543a80..0fa10803a 100644 --- a/src/data/bedrock/item/upgrade/ItemIdMetaUpgradeSchemaUtils.php +++ b/src/data/bedrock/item/upgrade/ItemIdMetaUpgradeSchemaUtils.php @@ -88,6 +88,9 @@ final class ItemIdMetaUpgradeSchemaUtils{ } $jsonMapper = new \JsonMapper(); + $jsonMapper->bExceptionOnMissingData = true; + $jsonMapper->bExceptionOnUndefinedProperty = true; + $jsonMapper->bStrictObjectTypeChecking = true; try{ $model = $jsonMapper->map($json, new ItemIdMetaUpgradeSchemaModel()); }catch(\JsonMapper_Exception $e){ diff --git a/src/resourcepacks/ZippedResourcePack.php b/src/resourcepacks/ZippedResourcePack.php index 7ba5c467d..da7db1db7 100644 --- a/src/resourcepacks/ZippedResourcePack.php +++ b/src/resourcepacks/ZippedResourcePack.php @@ -108,6 +108,7 @@ class ZippedResourcePack implements ResourcePack{ $mapper = new \JsonMapper(); $mapper->bExceptionOnMissingData = true; + $mapper->bStrictObjectTypeChecking = true; try{ /** @var Manifest $manifest */ diff --git a/src/updater/UpdateCheckTask.php b/src/updater/UpdateCheckTask.php index ae56682f3..af73f05af 100644 --- a/src/updater/UpdateCheckTask.php +++ b/src/updater/UpdateCheckTask.php @@ -55,6 +55,7 @@ class UpdateCheckTask extends AsyncTask{ }else{ $mapper = new \JsonMapper(); $mapper->bExceptionOnMissingData = true; + $mapper->bStrictObjectTypeChecking = true; $mapper->bEnforceMapType = false; try{ /** @var UpdateInfo $responseObj */ From 7b89dda420ecd2f2f20fff087aa45474d5bb8a32 Mon Sep 17 00:00:00 2001 From: "Dylan K. Taylor" Date: Fri, 23 Feb 2024 14:19:01 +0000 Subject: [PATCH 08/13] Release 5.11.1 --- changelogs/5.11.md | 13 +++++++++++++ src/VersionInfo.php | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/changelogs/5.11.md b/changelogs/5.11.md index 9ec0a3a6c..96c05bf1b 100644 --- a/changelogs/5.11.md +++ b/changelogs/5.11.md @@ -24,3 +24,16 @@ Consider using the `mcpe-protocol` directive in `plugin.yml` as a constraint if - Restructured GitHub Actions CI workflows to make them easier to maintain (no need to update PHP versions in multiple places anymore). - GitHub Actions CodeStyle workflow now uses php-cs-fixer 3.49.x. - Dependabot updates are now processed weekly instead of daily. + +# 5.11.1 +Released 23rd February 2024. + +## Fixes +- Fixed subchunk count calculation in `ChunkSerializer` for non-overworld dimension (useful for dimension plugins). +- Harden options used for processing JSON data, particularly on the network, to close security issues. + +## Documentation +- Fixed PHPStan signature for `Utils::cloneObjectArray()`. + +## Internals +- Updated GitHub Actions versions to get rid of deprecation warnings. diff --git a/src/VersionInfo.php b/src/VersionInfo.php index c87bc899b..4072fb959 100644 --- a/src/VersionInfo.php +++ b/src/VersionInfo.php @@ -32,7 +32,7 @@ use function str_repeat; final class VersionInfo{ public const NAME = "PocketMine-MP"; public const BASE_VERSION = "5.11.1"; - public const IS_DEVELOPMENT_BUILD = true; + public const IS_DEVELOPMENT_BUILD = false; public const BUILD_CHANNEL = "stable"; /** From b744e09352a714d89220719ab6948a010ac636fc Mon Sep 17 00:00:00 2001 From: "Dylan K. Taylor" Date: Fri, 23 Feb 2024 14:19:02 +0000 Subject: [PATCH 09/13] 5.11.2 is next --- src/VersionInfo.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/VersionInfo.php b/src/VersionInfo.php index 4072fb959..52fecb633 100644 --- a/src/VersionInfo.php +++ b/src/VersionInfo.php @@ -31,8 +31,8 @@ use function str_repeat; final class VersionInfo{ public const NAME = "PocketMine-MP"; - public const BASE_VERSION = "5.11.1"; - public const IS_DEVELOPMENT_BUILD = false; + public const BASE_VERSION = "5.11.2"; + public const IS_DEVELOPMENT_BUILD = true; public const BUILD_CHANNEL = "stable"; /** From 561ffd3da38d4b5d342dbb9b26487092b013986f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Feb 2024 14:27:56 +0000 Subject: [PATCH 10/13] Bump pmmp/setup-php-action from 3.0.0 to 3.1.0 (#6267) Bumps [pmmp/setup-php-action](https://github.com/pmmp/setup-php-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/pmmp/setup-php-action/releases) - [Commits](https://github.com/pmmp/setup-php-action/compare/3.0.0...3.1.0) --- updated-dependencies: - dependency-name: pmmp/setup-php-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/main-php-matrix.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main-php-matrix.yml b/.github/workflows/main-php-matrix.yml index 846459748..b81ac8b46 100644 --- a/.github/workflows/main-php-matrix.yml +++ b/.github/workflows/main-php-matrix.yml @@ -30,7 +30,7 @@ jobs: - uses: actions/checkout@v4 - name: Setup PHP - uses: pmmp/setup-php-action@3.0.0 + uses: pmmp/setup-php-action@3.1.0 with: php-version: ${{ inputs.php }} install-path: "./bin" @@ -62,7 +62,7 @@ jobs: - uses: actions/checkout@v4 - name: Setup PHP - uses: pmmp/setup-php-action@3.0.0 + uses: pmmp/setup-php-action@3.1.0 with: php-version: ${{ inputs.php }} install-path: "./bin" @@ -96,7 +96,7 @@ jobs: submodules: true - name: Setup PHP - uses: pmmp/setup-php-action@3.0.0 + uses: pmmp/setup-php-action@3.1.0 with: php-version: ${{ inputs.php }} install-path: "./bin" @@ -128,7 +128,7 @@ jobs: - uses: actions/checkout@v4 - name: Setup PHP - uses: pmmp/setup-php-action@3.0.0 + uses: pmmp/setup-php-action@3.1.0 with: php-version: ${{ inputs.php }} install-path: "./bin" From 47f011966092f275cc1b11f8de635e89fd9651a7 Mon Sep 17 00:00:00 2001 From: "Dylan K. Taylor" Date: Mon, 26 Feb 2024 14:35:21 +0000 Subject: [PATCH 11/13] InGamePacketHandler: added an extra check --- src/network/mcpe/handler/InGamePacketHandler.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/network/mcpe/handler/InGamePacketHandler.php b/src/network/mcpe/handler/InGamePacketHandler.php index 8c3449d41..860f3c465 100644 --- a/src/network/mcpe/handler/InGamePacketHandler.php +++ b/src/network/mcpe/handler/InGamePacketHandler.php @@ -869,8 +869,12 @@ class InGamePacketHandler extends PacketHandler{ } public function handleBookEdit(BookEditPacket $packet) : bool{ + $inventory = $this->player->getInventory(); + if(!$inventory->slotExists($packet->inventorySlot)){ + return false; + } //TODO: break this up into book API things - $oldBook = $this->player->getInventory()->getItem($packet->inventorySlot); + $oldBook = $inventory->getItem($packet->inventorySlot); if(!($oldBook instanceof WritableBook)){ return false; } From aee36564156b3dbb2791fb17ad1c01d16335b7b6 Mon Sep 17 00:00:00 2001 From: "Dylan K. Taylor" Date: Mon, 26 Feb 2024 14:45:47 +0000 Subject: [PATCH 12/13] Release 5.11.2 --- changelogs/5.11.md | 6 ++++++ src/VersionInfo.php | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/changelogs/5.11.md b/changelogs/5.11.md index 96c05bf1b..e993dceec 100644 --- a/changelogs/5.11.md +++ b/changelogs/5.11.md @@ -37,3 +37,9 @@ Released 23rd February 2024. ## Internals - Updated GitHub Actions versions to get rid of deprecation warnings. + +# 5.11.2 +Released 26th February 2024. + +## Fixes +- Added extra checks for `BookEditPacket` handling. diff --git a/src/VersionInfo.php b/src/VersionInfo.php index 52fecb633..104d54456 100644 --- a/src/VersionInfo.php +++ b/src/VersionInfo.php @@ -32,7 +32,7 @@ use function str_repeat; final class VersionInfo{ public const NAME = "PocketMine-MP"; public const BASE_VERSION = "5.11.2"; - public const IS_DEVELOPMENT_BUILD = true; + public const IS_DEVELOPMENT_BUILD = false; public const BUILD_CHANNEL = "stable"; /** From 34a5f91aa9506a8369879e29f472c68a91c5b9e1 Mon Sep 17 00:00:00 2001 From: "Dylan K. Taylor" Date: Mon, 26 Feb 2024 14:45:48 +0000 Subject: [PATCH 13/13] 5.11.3 is next --- src/VersionInfo.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/VersionInfo.php b/src/VersionInfo.php index 104d54456..946e53a23 100644 --- a/src/VersionInfo.php +++ b/src/VersionInfo.php @@ -31,8 +31,8 @@ use function str_repeat; final class VersionInfo{ public const NAME = "PocketMine-MP"; - public const BASE_VERSION = "5.11.2"; - public const IS_DEVELOPMENT_BUILD = false; + public const BASE_VERSION = "5.11.3"; + public const IS_DEVELOPMENT_BUILD = true; public const BUILD_CHANNEL = "stable"; /**