From 5efd7ddf8a11bc8f4c6342c8908cfec48bda28de Mon Sep 17 00:00:00 2001
From: ChomeNS <95471003+ChomeNS@users.noreply.github.com>
Date: Wed, 17 Sep 2025 18:08:11 +0700
Subject: [PATCH] fix: running *alts on username: `' OR '1'='1` not working correctly because of flags
---
build-number.txt | 2 +-
.../chomens_bot/command/CommandContext.java | 33 +++++++++++--------
2 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/build-number.txt b/build-number.txt
index ade26967..a690ddc1 100644
--- a/build-number.txt
+++ b/build-number.txt
@@ -1 +1 @@
-3660
\ No newline at end of file
+3663
\ No newline at end of file
diff --git a/src/main/java/me/chayapak1/chomens_bot/command/CommandContext.java b/src/main/java/me/chayapak1/chomens_bot/command/CommandContext.java
index 72f1d452..12bfc3ed 100644
--- a/src/main/java/me/chayapak1/chomens_bot/command/CommandContext.java
+++ b/src/main/java/me/chayapak1/chomens_bot/command/CommandContext.java
@@ -52,12 +52,15 @@ public class CommandContext { private int argsPosition = 0; public String getString (final boolean greedy, final boolean required) throws CommandException { return getString(greedy, required, "string"); } - - public String getString (final boolean greedy, final boolean required, final boolean returnLowerCase) throws CommandException { return getString(greedy, returnLowerCase, required, "string"); } - - private String getString (final boolean greedy, final boolean required, final String type) throws CommandException { return getString(greedy, false, required, type); } - - private String getString (final boolean greedy, final boolean returnLowerCase, final boolean required, final String type) throws CommandException { + public String getString (final boolean greedy, final boolean required, final boolean returnLowerCase) throws CommandException { return getString(greedy, returnLowerCase, required, true, "string"); } + private String getString (final boolean greedy, final boolean required, final String type) throws CommandException { return getString(greedy, false, required, true, type); } + private String getString ( + final boolean greedy, + final boolean returnLowerCase, + final boolean required, + final boolean parseQuotes, + final String type + ) throws CommandException { if (argsPosition >= args.length || args[argsPosition] == null) { if (required) { throw new CommandException( @@ -98,8 +101,9 @@ public class CommandContext { if (greedy) { string.append(greedyString); } else if ( - greedyString.length() > 1 && - (greedyString.startsWith("'") || greedyString.startsWith("\"")) + parseQuotes + && greedyString.length() > 1 + && (greedyString.startsWith("'") || greedyString.startsWith("\"")) ) { // parses arguments with quotes 
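Review bot: The private `getString` in the `@@ -52,12 +52,15 @@` hunk now takes four adjacent booleans, and its order (`greedy, returnLowerCase, required, parseQuotes`) differs from the public overload's (`greedy, required, returnLowerCase`), so a swapped argument compiles silently and calls such as `getString(false, true, true, true, "action")` in getAction cannot be checked by reading them. Because `parseQuotes` decides whether a leading `'` or `"` in user-supplied input is interpreted or returned verbatim, the method should carry a Javadoc that names each flag and states that `parseQuotes = false` returns the raw token unchanged. Labelling the call sites would also help, e.g. `getString(false, returnLowerCase, /* required */ false, /* parseQuotes */ false, "flag")`. The method body continues outside the hunk.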
@@ -175,11 +179,10 @@ public class CommandContext { } public String getAction () throws CommandException { - return getString(false, true, true, "action"); + return getString(false, true, true, true, "action"); } public List getFlags (final String... allowedFlags) throws CommandException { return getFlags(false, allowedFlags); } - public List getFlags (final boolean returnLowerCase, final String... allowedFlags) throws CommandException { final List flags = new ArrayList<>(); @@ -196,9 +199,12 @@ public class CommandContext { private String getFlag (final boolean returnLowerCase, final String[] allowedFlagsArray) throws CommandException { final List allowedFlags = Arrays.asList(allowedFlagsArray); - final String string = getString(false, false, returnLowerCase); + final String string = getString(false, returnLowerCase, false, false, "flag"); - if (string.isBlank()) return null; + if (string.isBlank()) { + argsPosition--; + return null; + } final Matcher matcher = FLAGS_PATTERN.matcher(string); @@ -275,7 +281,8 @@ public class CommandContext { return switch (string) { case "true" -> true; case "false" -> false; - default -> throw new CommandException(Component.translatable("arguments_parsing.error.invalid_type", Component.text("boolean"))); + default -> + throw new CommandException(Component.translatable("arguments_parsing.error.invalid_type", Component.text("boolean"))); }; }
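Review bot: The new `argsPosition--` in the blank branch of getFlag (hunk `@@ -196,9 +199,12 @@`) assumes that `getString` always advanced the cursor, which the visible lines do not establish for the case where the arguments are exhausted. If the non-required path returns an empty string without incrementing, the decrement moves the cursor back onto an already consumed argument, or to -1 when there are no arguments, and the next `args[argsPosition]` read either re-parses that token or throws. Saving and restoring the position is correct in both cases: `final int start = argsPosition;` before the `getString(...)` call and `argsPosition = start;` in place of `argsPosition--;`. getFlag's body continues outside the hunk.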