InventoryView validation to prevent container rename spoofing
Parsonswy committed Dec 16, 2020
1 parent 14a13d5 commit 82bdcb3
Showing 4 changed files with 17 additions and 4 deletions.
2 changes: 1 addition & 1 deletion pom.xml
@@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>peacefulcraft.net</groupId>
<artifactId>Tarje</artifactId>
<version>0.0.3</version>
<version>0.0.4</version>
<description>Off-brand, generic, and totally not copyright infringing Super Target for Minecraft.</description>
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
2 changes: 1 addition & 1 deletion src/main/resources/plugin.yml
@@ -4,7 +4,7 @@
#
name: Tarje
main: net.peacefulcraft.tarje.Tarje
version: 0.0.3
version: 0.0.4
api-version: 1.16
website: https://www.peacefulcraft.net/
depend: [ Vault ]
10 changes: 9 additions & 1 deletion src/net/peacefulcraft/tarje/shop/SellMenu.java
@@ -1,28 +1,33 @@
package net.peacefulcraft.tarje.shop;

import java.util.HashMap;

import org.bukkit.Bukkit;
import org.bukkit.Material;
import org.bukkit.entity.Player;
import org.bukkit.event.inventory.InventoryClickEvent;
import org.bukkit.event.inventory.InventoryCloseEvent;
import org.bukkit.inventory.Inventory;
import org.bukkit.inventory.InventoryView;
import org.bukkit.inventory.ItemStack;

import net.peacefulcraft.tarje.Tarje;

public class SellMenu {

private Player p;
private HashMap<Player, InventoryView> openViews;

public SellMenu() {
this.openViews = new HashMap<Player, InventoryView>();
}

/**
* Open the shop inventory for a player
* @param p The player to open the inventory for
*/
public void openMenu(Player p) {
p.openInventory(Bukkit.getServer().createInventory(null, 45, "Sell Items"));
this.openViews.put(p, p.openInventory(Bukkit.getServer().createInventory(null, 45, "Sell Items")));
}

/**
@@ -31,6 +36,7 @@ public void openMenu(Player p) {
*/
public void onInventoryClick(InventoryClickEvent ev) {
if (ev.getCurrentItem() == null) { return; }
if (!this.openViews.containsKey((Player) ev.getView().getPlayer())) { return; }

if (!Tarje._this().isItemSellable(ev.getCurrentItem().getType())) {
ev.setCancelled(true);
@@ -41,6 +47,8 @@ public void onInventoryClick(InventoryClickEvent ev) {
public void onClose(InventoryCloseEvent ev) {
Player p = (Player) ev.getPlayer();
Inventory inventory = ev.getInventory();
if(!this.openViews.containsKey(p)) { return; }
this.openViews.remove(p);

String confirmationMessage = "You sold ";
double moneyDue = 0.0;
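Review bot: The new guards in `onInventoryClick` and `onClose` only test that the player has an entry in `openViews`; the `InventoryView` stored by `openMenu` is never compared with the view the event came from. If an entry is ever stale, or holds null because `openInventory` did not open a view (the Bukkit API documents its return value as nullable), the next inventory that player clicks in or closes is handled as the sell menu, which is the spoofing case this commit targets. Comparing the views closes that gap, e.g. `if (!ev.getView().equals(this.openViews.get(ev.getView().getPlayer()))) { return; }` in both handlers, and `openMenu` should skip the `put` when the returned view is null. The `containsKey` guards added to `onShopInventoryClick` and `onPurchaseQuantityInventoryClick` in ShopMenu.java have the same limitation. `onClose` continues past the end of this hunk.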
7 changes: 6 additions & 1 deletion src/net/peacefulcraft/tarje/shop/ShopMenu.java
@@ -3,6 +3,7 @@
import java.util.ArrayList;
import java.util.HashMap;

import org.bukkit.Bukkit;
import org.bukkit.Material;
import org.bukkit.entity.Player;
import org.bukkit.event.inventory.InventoryType;
@@ -119,6 +120,7 @@ public void closeShop(Player p) {
* @param item The item that was clicked on
*/
public void onShopInventoryClick(Player p, int slotNumber, ItemStack item) {
if (!this.activeViews.containsKey(p)) { return; }
ShopItem shopItem = this.config.getItems().get(slotNumber);
if (!shopItem.isPurchasable()) {
p.sendMessage(Tarje.messagingPrefix + "Sorry, " + shopItem.getItem() + " is not purchasable.");
@@ -127,7 +129,9 @@ public void onShopInventoryClick(Player p, int slotNumber, ItemStack item) {

Inventory purchaseQuantityMenu = this.generatePurchaseQuantityMenu(shopItem);
this.closeShop(p);
this.activeViews.put(p, p.openInventory(purchaseQuantityMenu));
Bukkit.getScheduler().runTask(Tarje._this(), () -> {
this.activeViews.put(p, p.openInventory(purchaseQuantityMenu));
});
}

/**
@@ -166,6 +170,7 @@ private Inventory generatePurchaseQuantityMenu(ShopItem item) {
* @param item The item in the inventory that was clicked
*/
public void onPurchaseQuantityInventoryClick(Player p, String title, ItemStack item) {
if (!this.activeViews.containsKey(p)) { return; }
ShopItem shopItem = config.getItems().get(Integer.valueOf(title.split(" ")[2]));
int purchaseQuantity = item.getAmount();
double purcahsePrice = shopItem.getBuyPrice() * purchaseQuantity;
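Review bot: The task scheduled in `onShopInventoryClick` runs one tick after `closeShop(p)` and records whatever `p.openInventory(purchaseQuantityMenu)` returns, without checking that the player is still online or that a view was actually opened. An entry written for a player who has left, or a null view, leaves `activeViews.containsKey(p)` true with no matching menu on screen, which weakens the guards this commit adds. Inside the lambda I would start with `if (!p.isOnline()) { return; }`, keep the result in a local such as `InventoryView view = p.openInventory(purchaseQuantityMenu);`, and only call `this.activeViews.put(p, view)` when `view != null`. A short comment on why the open is deferred would also help the next reader, for example `// Reopen on the next tick: Bukkit says not to call openInventory from inside an InventoryClickEvent handler`.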
