Merge pull request from GHSA-c8wx-65c7-q9r3

Co-authored-by: Slendy <josh@slendy.pw>
sudokoko 2023-12-23 00:49:59 -05:00 committed by GitHub
commit ef87606ba2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 41069 additions and 1 deletions


@ -5,6 +5,7 @@ using LBPUnion.ProjectLighthouse.Extensions;
using LBPUnion.ProjectLighthouse.Files;
using LBPUnion.ProjectLighthouse.Helpers;
using LBPUnion.ProjectLighthouse.Logging;
using LBPUnion.ProjectLighthouse.Servers.GameServer.Helpers;
using LBPUnion.ProjectLighthouse.Types.Entities.Level;
using LBPUnion.ProjectLighthouse.Types.Entities.Profile;
using LBPUnion.ProjectLighthouse.Types.Entities.Token;
@ -157,6 +158,14 @@ public class PublishController : ControllerBase
return this.BadRequest();
}
if (!GameResourceHelper.IsValidTexture(slot.IconHash))
{
Logger.Warn("Rejecting level upload, invalid icon resource", LogArea.Publish);
await this.database.SendNotification(user.UserId,
$"{slot.Name} failed to publish because your level icon is invalid. (LH-PUB-0010)");
return this.BadRequest();
}
if (slot.Resources.Any(resource => !FileHelper.ResourceExists(resource)))
{
Logger.Warn("Rejecting level upload, missing resource(s)", LogArea.Publish);
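Review bot: `slot.IconHash` is passed to `GameResourceHelper.IsValidTexture` without the blank guard that the UserController section of this commit applies before calling the same helper (`if (string.IsNullOrWhiteSpace(resource)) continue;`). The helper is not visible here, so whether a level published with no icon passes or is rejected with LH-PUB-0010 depends on how it treats null or empty input. Either make that explicit at the call site, e.g. `if (!string.IsNullOrWhiteSpace(slot.IconHash) && !GameResourceHelper.IsValidTexture(slot.IconHash))`, or document on the helper that empty input is accepted. The warning also omits who sent the upload; `Logger.Warn($"Rejecting level upload from user {user.UserId}, invalid icon resource", LogArea.Publish);` would let repeated rejections be attributed without writing the client-supplied hash to the log. The enclosing action method starts and ends outside the hunk.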


@ -4,6 +4,7 @@ using LBPUnion.ProjectLighthouse.Database;
using LBPUnion.ProjectLighthouse.Extensions;
using LBPUnion.ProjectLighthouse.Files;
using LBPUnion.ProjectLighthouse.Logging;
using LBPUnion.ProjectLighthouse.Servers.GameServer.Helpers;
using LBPUnion.ProjectLighthouse.Servers.GameServer.Types.Users;
using LBPUnion.ProjectLighthouse.Types.Entities.Level;
using LBPUnion.ProjectLighthouse.Types.Entities.Profile;
@ -85,7 +86,9 @@ public class UserController : ControllerBase
{
if (string.IsNullOrWhiteSpace(resource)) continue;
if (!FileHelper.ResourceExists(resource)) return this.BadRequest();
if (!FileHelper.ResourceExists(resource) && !resource.StartsWith('g')) return this.BadRequest();
if (!GameResourceHelper.IsValidTexture(resource)) return this.BadRequest();
}
if (update.IconHash != null) user.IconHash = update.IconHash;
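Review bot: The new `!resource.StartsWith('g')` condition exempts every value beginning with `g` from the `FileHelper.ResourceExists` check, so for those values `GameResourceHelper.IsValidTexture` on the following line is the only validation left. That dependency deserves a comment above the two checks, for example `// Values starting with 'g' skip the existence check; IsValidTexture is the only validation for them.`, so a later edit does not separate or reorder them. The helper is not visible here; it should reject malformed `g` values rather than accept anything carrying the prefix. The collection being iterated is declared outside the hunk, so it is worth confirming that it contains `update.IconHash` and every other hash assigned after the loop.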