Block removing hats with curse of binding using direct-hat (#3895)

Fixed a loophole that allowed users to bypass the Curse of Binding when using the direct-hat feature.

Related to #3299, which added similar checks to `/hat`.
Josh Roy 2021-01-08 15:11:35 -05:00 committed by GitHub
parent 01987a0374
commit cb7b2dabf5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -19,6 +19,7 @@ import org.bukkit.Location;
import org.bukkit.Material;
import org.bukkit.World;
import org.bukkit.command.PluginCommand;
import org.bukkit.enchantments.Enchantment;
import org.bukkit.entity.HumanEntity;
import org.bukkit.entity.Player;
import org.bukkit.event.EventHandler;
@ -782,8 +783,8 @@ public class EssentialsPlayerListener implements Listener {
clickedInventory = event.getRawSlot() < top.getSize() ? top : event.getView().getBottomInventory();
}
if (type == InventoryType.PLAYER) {
final User user = ess.getUser((Player) event.getWhoClicked());
if (type == InventoryType.PLAYER) {
final InventoryHolder invHolder = top.getHolder();
if (invHolder instanceof HumanEntity) {
final User invOwner = ess.getUser((Player) invHolder);
@ -793,19 +794,16 @@ public class EssentialsPlayerListener implements Listener {
}
}
} else if (type == InventoryType.ENDER_CHEST) {
final User user = ess.getUser((Player) event.getWhoClicked());
if (user.isEnderSee() && !user.isAuthorized("essentials.enderchest.modify")) {
event.setCancelled(true);
refreshPlayer = user.getBase();
}
} else if (type == InventoryType.WORKBENCH) {
final User user = ess.getUser((Player) event.getWhoClicked());
if (user.isRecipeSee()) {
event.setCancelled(true);
refreshPlayer = user.getBase();
}
} else if (type == InventoryType.CHEST && top.getSize() == 9) {
final User user = ess.getUser((Player) event.getWhoClicked());
final InventoryHolder invHolder = top.getHolder();
if (invHolder instanceof HumanEntity && user.isInvSee() && event.getClick() != ClickType.MIDDLE) {
event.setCancelled(true);
@ -815,7 +813,8 @@ public class EssentialsPlayerListener implements Listener {
if (ess.getSettings().isDirectHatAllowed() && event.getClick() == ClickType.LEFT && event.getSlot() == 39
&& event.getCursor().getType() != Material.AIR && event.getCursor().getType().getMaxDurability() == 0
&& !MaterialUtil.isSkull(event.getCursor().getType())
&& ess.getUser(event.getWhoClicked()).isAuthorized("essentials.hat") && !ess.getUser(event.getWhoClicked()).isAuthorized("essentials.hat.prevent-type." + event.getCursor().getType().name().toLowerCase())) {
&& user.isAuthorized("essentials.hat") && !user.isAuthorized("essentials.hat.prevent-type." + event.getCursor().getType().name().toLowerCase())
&& !isPreventBindingHat(user, (PlayerInventory) clickedInventory)) {
event.setCancelled(true);
final PlayerInventory inv = (PlayerInventory) clickedInventory;
final ItemStack head = inv.getHelmet();
@ -829,6 +828,14 @@ public class EssentialsPlayerListener implements Listener {
}
}
private boolean isPreventBindingHat(User user, PlayerInventory inventory) {
if (VersionUtil.getServerBukkitVersion().isHigherThan(VersionUtil.v1_9_4_R01)) {
final ItemStack head = inventory.getHelmet();
return head != null && head.getEnchantments().containsKey(Enchantment.BINDING_CURSE) && !user.isAuthorized("essentials.hat.ignore-binding");
}
return false;
}
@EventHandler(priority = EventPriority.MONITOR)
public void onInventoryCloseEvent(final InventoryCloseEvent event) {
Player refreshPlayer = null;
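Review bot: The version gate in `isPreventBindingHat` passes on every server newer than 1.9.4, which includes 1.10.x, yet the body then reads `Enchantment.BINDING_CURSE`. As far as I know that enchantment was only introduced with 1.11, so on a 1.10.x server the constant would fail to resolve the first time a player wearing a helmet reaches this check, and the click handler would throw rather than make a decision. If 1.10.x is still a supported target, the gate should compare against the last release that lacks the enchantment; the `/hat` check from #3299 may deserve the same look. The helper would also benefit from a short comment such as `// Blocks direct-hat swaps while the worn helmet carries Curse of Binding, unless the user holds essentials.hat.ignore-binding`. The click handler these hunks modify begins and ends outside the visible lines.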