this fixes a potential exploit where clients could append JWTs signed with their own keys to the end of the chain containing fake XUID/UUID/username which would then overwrite the legitimate ones in earlier links.
This stems from the fact that the final link of the vanilla chain contains the client's own pubkey, so the client is able to append its own data to the end of the chain.
this is nearly the same as 1.5.0.0, except the skin packet premium boolean has been dropped.
This isn't production ready yet because the blockID table needs updating (waiting on MrARM to fix his script for that).
This allows deleting lots of code, and additionally provides a huge reduction in the compressed size of CraftingDataPacket. Since we don't care about these UUIDs (they are only used in CraftingEventPacket, which is broken and unused in PM) we fill them with zeros instead.
This commit brings in a much-needed rewrite of crafting transaction handling.
The following classes have been removed:
- CraftingTransferMaterialAction
- CraftingTakeResultAction
The following classes have significant changes:
- CraftingTransaction
- All API methods have been removed and are now handled in CraftItemEvent
- CraftItemEvent
- added the following:
- getInputs()
- getOutputs()
- getRepetitions() (tells how many times a recipe was crafted in this event)
- Recipe interface:
- Removed getResult() (individual recipes may handle this differently)
- CraftingRecipe interface
- removed the following:
- matchItems()
- getExtraResults()
- getAllResults()
- added the following
- getResults()
- getIngredientList() : Item[], which must return a 1D array of items that should be consumed (wildcards accepted).
- matchesCraftingGrid(CraftingGrid)
- ShapedRecipe
- constructor now accepts string[], Item[], Item[]
- ShapelessRecipe
- constructor now accepts Item[], Item[]
This cleans a lot of mess out of the bootstrap file, and also has the added bonus that threads which do not inherit functions can now get access to them by autoloading Utils.
