mirror/Plan
2
0
Fork 0
mirror of https://github.com/plan-player-analytics/Plan.git synced 2025-01-30 16:19:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

Prevented a future accidental XSS vulnerability in Player UUID parsing

Browse Source 
The server parameter was passed to an exception that is currently turned into
json, but in the future the way this exception is handled could have changed.
This commit is contained in:
Risto Lahtela 2021-01-24 11:03:57 +02:00
parent d64a967497
commit 8544e5a904
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Plan/common/src/main/java/com/djrapitops/plan/identification/Identifiers.java
View File

@ -97,7 +97,7 @@ public class Identifiers {
private UUID getPlayerUUIDFromName(String playerName) {
return dbSystem.getDatabase()
.query(UserIdentifierQueries.fetchPlayerUUIDOf(playerName))
.orElseThrow(() -> new BadRequestException("Given 'player' was not found in the database: '" + playerName + "'"));
.orElseThrow(() -> new BadRequestException("Given 'player' was not found in the database."));
}
public UUID getPlayerUUID(String name) {