From 5acc3afcb6f92bc65c7dfb9539b9fb83b4c18b6b Mon Sep 17 00:00:00 2001
From: punchready <marlin.gorsleben@gmail.com>
Date: Fri, 24 Mar 2023 21:39:24 +0100
Subject: [PATCH 1/2] Update STR handling to reject for-sure invalid framing
 values

---
 TShockAPI/Handlers/SendTileRectHandler.cs | 33 +++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/TShockAPI/Handlers/SendTileRectHandler.cs b/TShockAPI/Handlers/SendTileRectHandler.cs
index 3ff85fea..cb016307 100644
--- a/TShockAPI/Handlers/SendTileRectHandler.cs
+++ b/TShockAPI/Handlers/SendTileRectHandler.cs
@@ -173,6 +173,7 @@ namespace TShockAPI.Handlers
 					}
 
 					NetTile newTile = tiles[x, y];
+
 					TileObjectData data;
 
 					// If the new tile has an associated TileObjectData object, we take the tile and the surrounding tiles that make up the tile object
@@ -210,10 +211,26 @@ namespace TShockAPI.Handlers
 								case TileID.ShimmerMonolith:
 									{
 										// Allowed changes
+
+										// Based on empirical tests, these should be some conservative upper bounds for framing values
+										if (newTile.FrameX != -1 || newTile.FrameY != -1)
+										{
+											if (newTile.FrameX is < 0 or > 1000)
+											{
+												processed[x, y] = true;
+												continue;
+											}
+											if (newTile.FrameY is < 0 or > 5000)
+											{
+												processed[x, y] = true;
+												continue;
+											}
+										}
 									}
 									break;
 								default:
 									{
+										processed[x, y] = true;
 										continue;
 									}
 							}
@@ -233,10 +250,26 @@ namespace TShockAPI.Handlers
 								case TileID.TargetDummy:
 									{
 										// Allowed placements
+
+										// Based on empirical tests, these should be some conservative upper bounds for framing values
+										if (newTile.FrameX != -1 || newTile.FrameY != -1)
+										{
+											if (newTile.FrameX is < 0 or > 1000)
+											{
+												processed[x, y] = true;
+												continue;
+											}
+											if (newTile.FrameY is < 0 or > 500)
+											{
+												processed[x, y] = true;
+												continue;
+											}
+										}
 									}
 									break;
 								default:
 									{
+										processed[x, y] = true;
 										continue;
 									}
 							}

From 3f55a86589943c881626c60e270dcac56d14f6ac Mon Sep 17 00:00:00 2001
From: punchready <marlin.gorsleben@gmail.com>
Date: Fri, 24 Mar 2023 21:40:31 +0100
Subject: [PATCH 2/2] Update changelog

---
 docs/changelog.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/changelog.md b/docs/changelog.md
index be96f88c..053afcff 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -106,6 +106,7 @@ Use past tense when adding new entries; sign your name off when you add or chang
 * Allowed multiple test cases to be in TShock's test suite. (@drunderscore)
 * Fixed unable to use Purification/Evil Powder in jungle. (@sgkoishi)
 * Set the `GetDataHandledEventArgs.Player` property for the `SyncTilePicking` data handler. (@drunderscore)
+* Improved the exploit protection in tile rect handling. (@punchready)
 
 ## TShock 5.1.3
 * Added support for Terraria 1.4.4.9 via OTAPI 3.1.20. (@SignatureBeef)