misc/chomens-bot-java
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: stack overflow kick exploit by section sign + characters that aren't in the codes like v

Browse Source
This commit is contained in:
ChomeNS
2025-05-25 09:21:54 +07:00
parent 95a1f58fe1
commit 263ea7458c
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/main/java/me/chayapak1/chomens_bot/util/ComponentUtilities.java
View File

@@ -101,13 +101,13 @@ public class ComponentUtilities {
private static String guardedStringify (final ComponentEncoder<Component, String> serializer, final Component message) {
try {
return serializer.serialize(message);
} catch (final Exception e) {
} catch (final Throwable throwable) {
return guardedStringify(
serializer,
Component.translatable(
"<Failed to parse component: %s>",
NamedTextColor.RED,
Component.text(e.toString())
Component.text(throwable.toString())
)
);
} finally {
@@ -169,7 +169,9 @@ public class ComponentUtilities {
return component.content();
} else {
// we deserialize then serialize again
final TextComponent deserialized = LEGACY_COMPONENT_SERIALIZER.deserialize(content);
final TextComponent deserialized = LEGACY_COMPONENT_SERIALIZER
// prevents stack overflow since adventure seems to just ignore invalid codes
.deserialize(content.replaceAll("§[^a-f0-9rlonmk]", ""));
return isDiscord
? stringifyDiscordAnsi(deserialized)