Miko/baritone
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #4720 from ZacSharp/pr/1.19.4/commands/preventRemoteCommandExecution

Browse Source 
Don't let servers trick users into running arbitrary Baritone commands
This commit is contained in:
leijurv
2025-04-21 16:23:49 -07:00
committed by GitHub
parent 2fc8490c72 7aab08ae0f
commit d74420b265
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/launch/java/baritone/launch/mixins/MixinScreen.java
View File

@@ -21,17 +21,19 @@ import baritone.api.BaritoneAPI;
import baritone.api.IBaritone;
import baritone.api.event.events.ChatEvent;
import baritone.utils.accessor.IGuiScreen;
import net.minecraft.client.gui.screens.Screen;
import net.minecraft.network.chat.ClickEvent;
import net.minecraft.network.chat.Style;
import org.spongepowered.asm.mixin.Mixin;
import org.spongepowered.asm.mixin.gen.Invoker;
import java.net.URI;
import net.minecraft.client.gui.screens.Screen;
import org.spongepowered.asm.mixin.injection.At;
import org.spongepowered.asm.mixin.injection.Inject;
import org.spongepowered.asm.mixin.injection.callback.CallbackInfoReturnable;
import java.net.URI;
import static baritone.api.command.IBaritoneChatControl.FORCE_COMMAND_PREFIX;
@Mixin(Screen.class)
public abstract class MixinScreen implements IGuiScreen {
@@ -47,9 +49,13 @@ public abstract class MixinScreen implements IGuiScreen {
if (clickEvent == null) {
return;
}
String command = clickEvent.getValue();
if (command == null || !command.startsWith(FORCE_COMMAND_PREFIX)) {
return;
}
IBaritone baritone = BaritoneAPI.getProvider().getPrimaryBaritone();
if (baritone != null) {
baritone.getGameEventHandler().onSendChatMessage(new ChatEvent(clickEvent.getValue()));
baritone.getGameEventHandler().onSendChatMessage(new ChatEvent(command));
}
cir.setReturnValue(true);
cir.cancel();