From 65bbd80ca63689f2ac5a9448cc7759342044a128 Mon Sep 17 00:00:00 2001 From: stacey <57187883+moisterrific@users.noreply.github.com> Date: Sun, 4 Jul 2021 21:33:48 -0400 Subject: [PATCH 01/18] Add perm check for EoL + Sundial ForceTime check If the player does not have permission to summon bosses, they should not be able to kill Prismatic Lacewing, which summons the Empress of Light. Using the Enchanted Sundial while ForceTime is set to day or night (via config) will conflict with TShock's continued attempts to set it back to day or night, this makes the world appear very glitchy. --- TShockAPI/GetDataHandlers.cs | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/TShockAPI/GetDataHandlers.cs b/TShockAPI/GetDataHandlers.cs index e92d19a9..dfb4467a 100644 --- a/TShockAPI/GetDataHandlers.cs +++ b/TShockAPI/GetDataHandlers.cs @@ -2809,10 +2809,17 @@ namespace TShockAPI { args.Player.SendErrorMessage("You do not have permission to hurt Town NPCs."); args.Player.SendData(PacketTypes.NpcUpdate, "", id); - TShock.Log.ConsoleDebug("GetDataHandlers / HandleNpcStrike rejected npc strike {0}", args.Player.Name); + TShock.Log.ConsoleDebug($"GetDataHandlers / HandleNpcStrike rejected npc strike {args.Player.Name}"); + return true; + } + + if (Main.npc[id].netID == NPCID.EmpressButterfly && !args.Player.HasPermission(Permissions.summonboss)) + { + args.Player.SendErrorMessage("You do not have permission to summon the Empress of Light."); + args.Player.SendData(PacketTypes.NpcUpdate, "", id); + TShock.Log.ConsoleDebug($"GetDataHandlers / HandleNpcStrike rejected EoL summon from {args.Player.Name}"); return true; } - return false; } @@ -3201,11 +3208,20 @@ namespace TShockAPI return true; } - if (type == 3 && !args.Player.HasPermission(Permissions.usesundial)) + if (type == 3) { - TShock.Log.ConsoleDebug("GetDataHandlers / HandleSpecial rejected enchanted sundial permission {0}", args.Player.Name); - args.Player.SendErrorMessage("You do not have permission to use the Enchanted Sundial."); - return true; + if (!args.Player.HasPermission(Permissions.usesundial)) + { + TShock.Log.ConsoleDebug($"GetDataHandlers / HandleSpecial rejected enchanted sundial permission {args.Player.Name}"); + args.Player.SendErrorMessage("You do not have permission to use the Enchanted Sundial."); + return true; + } + else if (TShock.Config.Settings.ForceTime != "normal") + { + TShock.Log.ConsoleDebug($"GetDataHandlers / HandleSpecial rejected enchanted sundial permission (ForceTime) { args.Player.Name}"); + args.Player.SendErrorMessage($"You must set ForceTime to normal via config to use the Enchanted Sundial."); + return true; + } } return false; From dd9067a50ab420d1bf92cf1a385af4cc06d600d4 Mon Sep 17 00:00:00 2001 From: stacey <57187883+moisterrific@users.noreply.github.com> Date: Sun, 4 Jul 2021 21:38:34 -0400 Subject: [PATCH 02/18] Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 85d31e64..b77fdf94 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,8 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin * Correct rejection message in LandGolfBallInCupHandler to output the proper expected player id. (@drunderscore) * Clarified the error mesage that the console is presented if a rate-limit is reached over REST to indicate that "tokens" actually refers to rate-limit tokens, and not auth tokens, and added a hint as to what config setting determines this. (@hakusaro, @patsore) * Fixed an issue where, when the console was redirected, input was disabled and commands didn't work, in TSAPI. You can now pass `-disable-commands` to disable the input thread, but by default, it will be enabled. Fixes [#1450](https://github.com/Pryaxis/TShock/issues/1450). (@DeathCradle, @QuiCM) +* Added `summonboss` permission check for Prismatic Lacewing. Players who do not have said permission will be unable to kill this critter, as it will summon the Empress of Light. (@moisterrific) +* Added `ForceTime` config setting check for Enchanted Sundial usage. If `ForceTime` is set to anything other than `normal`, Sundial use will be rejected as this would lead to very janky game behavior. (@moisterrific) ## TShock 4.5.4 * Fixed ridiculous typo in `GetDataHandlers` which caused TShock to read the wrong field in the packet for `usingBiomeTorches`. (@hakusaro, @Arthri) From ef603f61a860df671074025624f4e92bb13adb3a Mon Sep 17 00:00:00 2001 From: James Puleo Date: Fri, 9 Jul 2021 17:27:41 -0400 Subject: [PATCH 03/18] Consistently use `TilePlacementValid` and `SendTileSquare` in Bouncer. There are 3 different ways Bouncer uses these: - Not checking `TilePlacementValid` at all. - Checking `TilePlacementValid`, rejecting, but then doing a `SendTileSquare` to that player. - Checking `TilePlacementValid`, rejecting. _(this is what we should always be doing)_ Not checking `TilePlacementValid` can allow for placement outside of the world (unknown results), and checking `TilePlacementValid` and sending a `SendTileSquare` on rejection causes the server to try to frame that square. In the case of invalid coordinates (negative), framing takes much longer than expected. --- CHANGELOG.md | 1 + TShockAPI/Bouncer.cs | 51 ++++++++++++++++++++++++++++++-------------- 2 files changed, 36 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 85d31e64..9a3902b4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin * Correct rejection message in LandGolfBallInCupHandler to output the proper expected player id. (@drunderscore) * Clarified the error mesage that the console is presented if a rate-limit is reached over REST to indicate that "tokens" actually refers to rate-limit tokens, and not auth tokens, and added a hint as to what config setting determines this. (@hakusaro, @patsore) * Fixed an issue where, when the console was redirected, input was disabled and commands didn't work, in TSAPI. You can now pass `-disable-commands` to disable the input thread, but by default, it will be enabled. Fixes [#1450](https://github.com/Pryaxis/TShock/issues/1450). (@DeathCradle, @QuiCM) +* Properly sanitize packet tile coordinates that coulbe used to DoS attack a server. This was assigned [GHSA-jq4j-v8pr-jv7j](https://github.com/Pryaxis/TShock/security/advisories/GHSA-jq4j-v8pr-jv7j). (@drunderscore) ## TShock 4.5.4 * Fixed ridiculous typo in `GetDataHandlers` which caused TShock to read the wrong field in the packet for `usingBiomeTorches`. (@hakusaro, @Arthri) diff --git a/TShockAPI/Bouncer.cs b/TShockAPI/Bouncer.cs index 42cc6cd1..60737a7f 100644 --- a/TShockAPI/Bouncer.cs +++ b/TShockAPI/Bouncer.cs @@ -260,6 +260,13 @@ namespace TShockAPI try { + if (!TShock.Utils.TilePlacementValid(tileX, tileY)) + { + TShock.Log.ConsoleDebug("Bouncer / OnTileEdit rejected from (tile placement valid) {0} {1} {2}", args.Player.Name, action, editData); + args.Handled = true; + return; + } + if (editData < 0 || ((action == EditAction.PlaceTile || action == EditAction.ReplaceTile) && editData >= Main.maxTileSets) || ((action == EditAction.PlaceWall || action == EditAction.ReplaceWall) && editData >= Main.maxWallTypes)) @@ -270,14 +277,6 @@ namespace TShockAPI return; } - if (!TShock.Utils.TilePlacementValid(tileX, tileY)) - { - TShock.Log.ConsoleDebug("Bouncer / OnTileEdit rejected from (tile placement valid) {0} {1} {2}", args.Player.Name, action, editData); - args.Player.SendTileSquare(tileX, tileY, 1); - args.Handled = true; - return; - } - if (action == EditAction.KillTile && Main.tile[tileX, tileY].type == TileID.MagicalIceBlock) { TShock.Log.ConsoleDebug("Bouncer / OnTileEdit super accepted from (ice block) {0} {1} {2}", args.Player.Name, action, editData); @@ -1654,6 +1653,13 @@ namespace TShockAPI short type = args.Type; short style = args.Style; + if (!TShock.Utils.TilePlacementValid(x, y)) + { + TShock.Log.ConsoleDebug("Bouncer / OnPlaceObject rejected valid placements from {0}", args.Player.Name); + args.Handled = true; + return; + } + if (type < 0 || type >= Main.maxTileSets) { TShock.Log.ConsoleDebug("Bouncer / OnPlaceObject rejected out of bounds tile from {0}", args.Player.Name); @@ -1702,14 +1708,6 @@ namespace TShockAPI return; } - if (!TShock.Utils.TilePlacementValid(x, y)) - { - TShock.Log.ConsoleDebug("Bouncer / OnPlaceObject rejected valid placements from {0}", args.Player.Name); - args.Player.SendTileSquare(x, y, 1); - args.Handled = true; - return; - } - if (args.Player.Dead && TShock.Config.Settings.PreventDeadModification) { TShock.Log.ConsoleDebug("Bouncer / OnPlaceObject rejected dead people don't do things from {0}", args.Player.Name); @@ -1801,6 +1799,13 @@ namespace TShockAPI /// The packet arguments that the event has. internal void OnPlaceTileEntity(object sender, GetDataHandlers.PlaceTileEntityEventArgs args) { + if (!TShock.Utils.TilePlacementValid(args.X, args.Y)) + { + TShock.Log.ConsoleDebug("Bouncer / OnPlaceTileEntity rejected tile placement valid from {0}", args.Player.Name); + args.Handled = true; + return; + } + if (args.Player.IsBeingDisabled()) { TShock.Log.ConsoleDebug("Bouncer / OnPlaceTileEntity rejected disabled from {0}", args.Player.Name); @@ -1828,6 +1833,13 @@ namespace TShockAPI /// The packet arguments that the event has. internal void OnPlaceItemFrame(object sender, GetDataHandlers.PlaceItemFrameEventArgs args) { + if (!TShock.Utils.TilePlacementValid(args.X, args.Y)) + { + TShock.Log.ConsoleDebug("Bouncer / OnPlaceItemFrame rejected tile placement valid from {0}", args.Player.Name); + args.Handled = true; + return; + } + if (args.Player.IsBeingDisabled()) { TShock.Log.ConsoleDebug("Bouncer / OnPlaceItemFrame rejected disabled from {0}", args.Player.Name); @@ -2129,6 +2141,13 @@ namespace TShockAPI /// internal void OnFoodPlatterTryPlacing(object sender, GetDataHandlers.FoodPlatterTryPlacingEventArgs args) { + if (!TShock.Utils.TilePlacementValid(args.TileX, args.TileY)) + { + TShock.Log.ConsoleDebug("Bouncer / OnFoodPlatterTryPlacing rejected tile placement valid from {0}", args.Player.Name); + args.Handled = true; + return; + } + if ((args.Player.SelectedItem.type != args.ItemID && args.Player.ItemInHand.type != args.ItemID)) { TShock.Log.ConsoleDebug("Bouncer / OnFoodPlatterTryPlacing rejected item not placed by hand from {0}", args.Player.Name); From 2a6bc51dd686688c364b805f0fcbc6421c5ed4c2 Mon Sep 17 00:00:00 2001 From: stacey <57187883+moisterrific@users.noreply.github.com> Date: Sun, 11 Jul 2021 23:11:28 -0400 Subject: [PATCH 04/18] Change EoL summon to be more consistent w/ config now this should be more in line with how other boss summons are currently handled, also made the sundial user messages better thx to quake's suggestions --- TShockAPI/GetDataHandlers.cs | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/TShockAPI/GetDataHandlers.cs b/TShockAPI/GetDataHandlers.cs index dfb4467a..ed701f2f 100644 --- a/TShockAPI/GetDataHandlers.cs +++ b/TShockAPI/GetDataHandlers.cs @@ -2813,12 +2813,21 @@ namespace TShockAPI return true; } - if (Main.npc[id].netID == NPCID.EmpressButterfly && !args.Player.HasPermission(Permissions.summonboss)) + if (Main.npc[id].netID == NPCID.EmpressButterfly) { - args.Player.SendErrorMessage("You do not have permission to summon the Empress of Light."); - args.Player.SendData(PacketTypes.NpcUpdate, "", id); - TShock.Log.ConsoleDebug($"GetDataHandlers / HandleNpcStrike rejected EoL summon from {args.Player.Name}"); - return true; + if (!args.Player.HasPermission(Permissions.summonboss)) + { + args.Player.SendErrorMessage("You do not have permission to summon the Empress of Light."); + args.Player.SendData(PacketTypes.NpcUpdate, "", id); + TShock.Log.ConsoleDebug($"GetDataHandlers / HandleNpcStrike rejected EoL summon from {args.Player.Name}"); + return true; + } + else if (!TShock.Config.Settings.AnonymousBossInvasions) + { + TShock.Utils.Broadcast(string.Format($"{args.Player.Name} summoned the Empress of Light!"), 175, 75, 255); + } + else + TShock.Utils.SendLogs(string.Format($"{args.Player.Name} summoned the Empress of Light!"), Color.PaleVioletRed, args.Player); } return false; } @@ -3214,14 +3223,18 @@ namespace TShockAPI { TShock.Log.ConsoleDebug($"GetDataHandlers / HandleSpecial rejected enchanted sundial permission {args.Player.Name}"); args.Player.SendErrorMessage("You do not have permission to use the Enchanted Sundial."); - return true; } else if (TShock.Config.Settings.ForceTime != "normal") { - TShock.Log.ConsoleDebug($"GetDataHandlers / HandleSpecial rejected enchanted sundial permission (ForceTime) { args.Player.Name}"); - args.Player.SendErrorMessage($"You must set ForceTime to normal via config to use the Enchanted Sundial."); - return true; + TShock.Log.ConsoleDebug($"GetDataHandlers / HandleSpecial rejected enchanted sundial permission (ForceTime) {args.Player.Name}"); + if (!args.Player.HasPermission(Permissions.cfgreload)) + { + args.Player.SendErrorMessage("You cannot use the Enchanted Sundial because time is stopped."); + } + else + args.Player.SendErrorMessage("You must set ForceTime to normal via config to use the Enchanted Sundial."); } + return true; } return false; From 0316f9d502e3e5f90b5af83dfbfda39b8a6f63fb Mon Sep 17 00:00:00 2001 From: stacey <57187883+moisterrific@users.noreply.github.com> Date: Sun, 11 Jul 2021 23:22:31 -0400 Subject: [PATCH 05/18] update change log again --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b77fdf94..c7649d68 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,8 +29,8 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin * Correct rejection message in LandGolfBallInCupHandler to output the proper expected player id. (@drunderscore) * Clarified the error mesage that the console is presented if a rate-limit is reached over REST to indicate that "tokens" actually refers to rate-limit tokens, and not auth tokens, and added a hint as to what config setting determines this. (@hakusaro, @patsore) * Fixed an issue where, when the console was redirected, input was disabled and commands didn't work, in TSAPI. You can now pass `-disable-commands` to disable the input thread, but by default, it will be enabled. Fixes [#1450](https://github.com/Pryaxis/TShock/issues/1450). (@DeathCradle, @QuiCM) -* Added `summonboss` permission check for Prismatic Lacewing. Players who do not have said permission will be unable to kill this critter, as it will summon the Empress of Light. (@moisterrific) -* Added `ForceTime` config setting check for Enchanted Sundial usage. If `ForceTime` is set to anything other than `normal`, Sundial use will be rejected as this would lead to very janky game behavior. (@moisterrific) +* Added `summonboss` permission check for Prismatic Lacewing. Players who do not have said permission will be unable to kill this critter, as it will summon the Empress of Light. Also added support for the `AnonymousBossInvasions` config option, if this is set to `false` it will now broadcast the name of the player who summoned her. (@moisterrific) +* Added `ForceTime` config setting check for Enchanted Sundial usage. If `ForceTime` is set to anything other than `normal`, Sundial use will be rejected as this would lead to very janky game behavior. Additionally, players with `cfgreload` permission will be advised to change it back to `normal` in order to use sundial. (@moisterrific, @bartico6) ## TShock 4.5.4 * Fixed ridiculous typo in `GetDataHandlers` which caused TShock to read the wrong field in the packet for `usingBiomeTorches`. (@hakusaro, @Arthri) From b88d1f562fc1423b5bf1c80c856e9fd089371bab Mon Sep 17 00:00:00 2001 From: stacey <57187883+moisterrific@users.noreply.github.com> Date: Thu, 15 Jul 2021 15:48:27 -0400 Subject: [PATCH 06/18] Add player count support for MOTD --- TShockAPI/TSPlayer.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/TShockAPI/TSPlayer.cs b/TShockAPI/TSPlayer.cs index 25e61612..12ba09ad 100644 --- a/TShockAPI/TSPlayer.cs +++ b/TShockAPI/TSPlayer.cs @@ -1528,6 +1528,7 @@ namespace TShockAPI foo = foo.Replace("%map%", (TShock.Config.Settings.UseServerName ? TShock.Config.Settings.ServerName : Main.worldName)); foo = foo.Replace("%players%", String.Join(",", players)); foo = foo.Replace("%specifier%", TShock.Config.Settings.CommandSpecifier); + foo = foo.Replace("%playercount%", String.Join("/", TShock.Utils.GetActivePlayerCount(), TShock.Config.MaxSlots)); SendMessage(foo, lineColor); } From 2dc887266d26c88e6dded7eb2227e015750615c6 Mon Sep 17 00:00:00 2001 From: stacey <57187883+moisterrific@users.noreply.github.com> Date: Thu, 15 Jul 2021 15:50:02 -0400 Subject: [PATCH 07/18] Add player count --- TShockAPI/FileTools.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TShockAPI/FileTools.cs b/TShockAPI/FileTools.cs index a9608c4e..d58aeab5 100644 --- a/TShockAPI/FileTools.cs +++ b/TShockAPI/FileTools.cs @@ -29,7 +29,7 @@ namespace TShockAPI public class FileTools { private const string MotdFormat = - "Welcome to [c/ffff00:%map%] on [c/7ddff8:T][c/81dbf6:S][c/86d7f4:h][c/8ad3f3:o][c/8ecef1:c][c/93caef:k] for [c/55d284:T][c/62d27a:e][c/6fd16f:r][c/7cd165:r][c/89d15a:a][c/95d150:r][c/a4d145:i][c/b1d03b:a].\n[c/FFFFFF:Online player(s):] [c/FFFF00:%players%]\nType [c/55D284:%specifier%][c/62D27A:h][c/6FD16F:e][c/7CD165:l][c/89D15A:p] for a list of commands.\n"; + "Welcome to [c/ffff00:%map%] on [c/7ddff8:T][c/81dbf6:S][c/86d7f4:h][c/8ad3f3:o][c/8ecef1:c][c/93caef:k] for [c/55d284:T][c/62d27a:e][c/6fd16f:r][c/7cd165:r][c/89d15a:a][c/95d150:r][c/a4d145:i][c/b1d03b:a].\n[c/FFFFFF:Online players (%playercount%):] [c/FFFF00:%players%]\nType [c/55D284:%specifier%][c/62D27A:h][c/6FD16F:e][c/7CD165:l][c/89D15A:p] for a list of commands.\n"; /// /// Path to the file containing the rules. /// From b8b86a42fd23db72cf56e89b43f031eb4ca431fd Mon Sep 17 00:00:00 2001 From: stacey <57187883+moisterrific@users.noreply.github.com> Date: Thu, 15 Jul 2021 15:51:14 -0400 Subject: [PATCH 08/18] Add space after comma so names look less clustered --- TShockAPI/TSPlayer.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TShockAPI/TSPlayer.cs b/TShockAPI/TSPlayer.cs index 12ba09ad..87ecb5d0 100644 --- a/TShockAPI/TSPlayer.cs +++ b/TShockAPI/TSPlayer.cs @@ -1526,7 +1526,7 @@ namespace TShockAPI } foo = foo.Replace("%map%", (TShock.Config.Settings.UseServerName ? TShock.Config.Settings.ServerName : Main.worldName)); - foo = foo.Replace("%players%", String.Join(",", players)); + foo = foo.Replace("%players%", String.Join(", ", players)); foo = foo.Replace("%specifier%", TShock.Config.Settings.CommandSpecifier); foo = foo.Replace("%playercount%", String.Join("/", TShock.Utils.GetActivePlayerCount(), TShock.Config.MaxSlots)); From 7e479ea39649db758bf9a0766b6d36b9124c7169 Mon Sep 17 00:00:00 2001 From: stacey <57187883+moisterrific@users.noreply.github.com> Date: Thu, 15 Jul 2021 15:57:00 -0400 Subject: [PATCH 09/18] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 85d31e64..da5d0369 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin * Correct rejection message in LandGolfBallInCupHandler to output the proper expected player id. (@drunderscore) * Clarified the error mesage that the console is presented if a rate-limit is reached over REST to indicate that "tokens" actually refers to rate-limit tokens, and not auth tokens, and added a hint as to what config setting determines this. (@hakusaro, @patsore) * Fixed an issue where, when the console was redirected, input was disabled and commands didn't work, in TSAPI. You can now pass `-disable-commands` to disable the input thread, but by default, it will be enabled. Fixes [#1450](https://github.com/Pryaxis/TShock/issues/1450). (@DeathCradle, @QuiCM) +* Added online player count support `%playercount%` for MOTD. The default MOTD message was also updated to use this. (@moisterrific) ## TShock 4.5.4 * Fixed ridiculous typo in `GetDataHandlers` which caused TShock to read the wrong field in the packet for `usingBiomeTorches`. (@hakusaro, @Arthri) From 1e9804a13d8f1dff0898c3bd9b8f0f998fdedd27 Mon Sep 17 00:00:00 2001 From: stacey <57187883+moisterrific@users.noreply.github.com> Date: Thu, 15 Jul 2021 16:12:36 -0400 Subject: [PATCH 10/18] Separate current player count and max server slots --- TShockAPI/TSPlayer.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/TShockAPI/TSPlayer.cs b/TShockAPI/TSPlayer.cs index 87ecb5d0..3bfaffb1 100644 --- a/TShockAPI/TSPlayer.cs +++ b/TShockAPI/TSPlayer.cs @@ -1528,7 +1528,8 @@ namespace TShockAPI foo = foo.Replace("%map%", (TShock.Config.Settings.UseServerName ? TShock.Config.Settings.ServerName : Main.worldName)); foo = foo.Replace("%players%", String.Join(", ", players)); foo = foo.Replace("%specifier%", TShock.Config.Settings.CommandSpecifier); - foo = foo.Replace("%playercount%", String.Join("/", TShock.Utils.GetActivePlayerCount(), TShock.Config.MaxSlots)); + foo = foo.Replace("%onlineplayers%", Convert.ToString(TShock.Utils.GetActivePlayerCount())); + foo = foo.Replace("%serverslots%", Convert.ToString(TShock.Config.Settings.MaxSlots)); SendMessage(foo, lineColor); } From 89695c39650276a01f19375a0d620a2e3657fc5b Mon Sep 17 00:00:00 2001 From: stacey <57187883+moisterrific@users.noreply.github.com> Date: Thu, 15 Jul 2021 16:13:51 -0400 Subject: [PATCH 11/18] separate online players / max slots in stock MOTD --- TShockAPI/FileTools.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TShockAPI/FileTools.cs b/TShockAPI/FileTools.cs index d58aeab5..a3d6c1c2 100644 --- a/TShockAPI/FileTools.cs +++ b/TShockAPI/FileTools.cs @@ -29,7 +29,7 @@ namespace TShockAPI public class FileTools { private const string MotdFormat = - "Welcome to [c/ffff00:%map%] on [c/7ddff8:T][c/81dbf6:S][c/86d7f4:h][c/8ad3f3:o][c/8ecef1:c][c/93caef:k] for [c/55d284:T][c/62d27a:e][c/6fd16f:r][c/7cd165:r][c/89d15a:a][c/95d150:r][c/a4d145:i][c/b1d03b:a].\n[c/FFFFFF:Online players (%playercount%):] [c/FFFF00:%players%]\nType [c/55D284:%specifier%][c/62D27A:h][c/6FD16F:e][c/7CD165:l][c/89D15A:p] for a list of commands.\n"; + "Welcome to [c/ffff00:%map%] on [c/7ddff8:T][c/81dbf6:S][c/86d7f4:h][c/8ad3f3:o][c/8ecef1:c][c/93caef:k] for [c/55d284:T][c/62d27a:e][c/6fd16f:r][c/7cd165:r][c/89d15a:a][c/95d150:r][c/a4d145:i][c/b1d03b:a].\n[c/FFFFFF:Online players (%onlineplayers%/%serverslots%):] [c/FFFF00:%players%]\nType [c/55D284:%specifier%][c/62D27A:h][c/6FD16F:e][c/7CD165:l][c/89D15A:p] for a list of commands.\n"; /// /// Path to the file containing the rules. /// From fabea62d96eb3b3e5083e6a5ef7fa7761a4fb8e9 Mon Sep 17 00:00:00 2001 From: stacey <57187883+moisterrific@users.noreply.github.com> Date: Thu, 15 Jul 2021 16:16:19 -0400 Subject: [PATCH 12/18] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index da5d0369..b7507aad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,7 +29,7 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin * Correct rejection message in LandGolfBallInCupHandler to output the proper expected player id. (@drunderscore) * Clarified the error mesage that the console is presented if a rate-limit is reached over REST to indicate that "tokens" actually refers to rate-limit tokens, and not auth tokens, and added a hint as to what config setting determines this. (@hakusaro, @patsore) * Fixed an issue where, when the console was redirected, input was disabled and commands didn't work, in TSAPI. You can now pass `-disable-commands` to disable the input thread, but by default, it will be enabled. Fixes [#1450](https://github.com/Pryaxis/TShock/issues/1450). (@DeathCradle, @QuiCM) -* Added online player count support `%playercount%` for MOTD. The default MOTD message was also updated to use this. (@moisterrific) +* Added `%onlineplayers%` and `%serverslots%` placeholders for MOTD. The default MOTD message was also updated to use this. (@moisterrific, @bartico6) ## TShock 4.5.4 * Fixed ridiculous typo in `GetDataHandlers` which caused TShock to read the wrong field in the packet for `usingBiomeTorches`. (@hakusaro, @Arthri) From d61ebb4111d6871f945607464224a177bb5e6586 Mon Sep 17 00:00:00 2001 From: stacey <57187883+moisterrific@users.noreply.github.com> Date: Fri, 16 Jul 2021 12:20:13 -0400 Subject: [PATCH 13/18] Update TSPlayer.cs --- TShockAPI/TSPlayer.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/TShockAPI/TSPlayer.cs b/TShockAPI/TSPlayer.cs index 3bfaffb1..47dea08b 100644 --- a/TShockAPI/TSPlayer.cs +++ b/TShockAPI/TSPlayer.cs @@ -1528,8 +1528,8 @@ namespace TShockAPI foo = foo.Replace("%map%", (TShock.Config.Settings.UseServerName ? TShock.Config.Settings.ServerName : Main.worldName)); foo = foo.Replace("%players%", String.Join(", ", players)); foo = foo.Replace("%specifier%", TShock.Config.Settings.CommandSpecifier); - foo = foo.Replace("%onlineplayers%", Convert.ToString(TShock.Utils.GetActivePlayerCount())); - foo = foo.Replace("%serverslots%", Convert.ToString(TShock.Config.Settings.MaxSlots)); + foo = foo.Replace("%onlineplayers%", TShock.Utils.GetActivePlayerCount().ToString()); + foo = foo.Replace("%serverslots%", TShock.Config.Settings.MaxSlots.ToString()); SendMessage(foo, lineColor); } From 6ad57ba51710a99e86166c8e934a0c8f9a19d9e5 Mon Sep 17 00:00:00 2001 From: Lucas Nicodemus Date: Wed, 21 Jul 2021 18:14:46 -0700 Subject: [PATCH 14/18] Fix changelog typos --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9a3902b4..3ca714dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,7 +29,7 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin * Correct rejection message in LandGolfBallInCupHandler to output the proper expected player id. (@drunderscore) * Clarified the error mesage that the console is presented if a rate-limit is reached over REST to indicate that "tokens" actually refers to rate-limit tokens, and not auth tokens, and added a hint as to what config setting determines this. (@hakusaro, @patsore) * Fixed an issue where, when the console was redirected, input was disabled and commands didn't work, in TSAPI. You can now pass `-disable-commands` to disable the input thread, but by default, it will be enabled. Fixes [#1450](https://github.com/Pryaxis/TShock/issues/1450). (@DeathCradle, @QuiCM) -* Properly sanitize packet tile coordinates that coulbe used to DoS attack a server. This was assigned [GHSA-jq4j-v8pr-jv7j](https://github.com/Pryaxis/TShock/security/advisories/GHSA-jq4j-v8pr-jv7j). (@drunderscore) +* Properly sanitized packet tile coordinates that could be used to DoS attack a server. This was assigned [GHSA-jq4j-v8pr-jv7j](https://github.com/Pryaxis/TShock/security/advisories/GHSA-jq4j-v8pr-jv7j). (@drunderscore) ## TShock 4.5.4 * Fixed ridiculous typo in `GetDataHandlers` which caused TShock to read the wrong field in the packet for `usingBiomeTorches`. (@hakusaro, @Arthri) From 853715cfa7b922de5fec2c014df0dfb45aef8ce8 Mon Sep 17 00:00:00 2001 From: James Puleo Date: Wed, 21 Jul 2021 21:40:44 -0400 Subject: [PATCH 15/18] Update changelog to be _much_ more verbose about GHSA-jq4j-v8pr-jv7j --- CHANGELOG.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ca714dc..35b3788e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,7 +29,12 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin * Correct rejection message in LandGolfBallInCupHandler to output the proper expected player id. (@drunderscore) * Clarified the error mesage that the console is presented if a rate-limit is reached over REST to indicate that "tokens" actually refers to rate-limit tokens, and not auth tokens, and added a hint as to what config setting determines this. (@hakusaro, @patsore) * Fixed an issue where, when the console was redirected, input was disabled and commands didn't work, in TSAPI. You can now pass `-disable-commands` to disable the input thread, but by default, it will be enabled. Fixes [#1450](https://github.com/Pryaxis/TShock/issues/1450). (@DeathCradle, @QuiCM) -* Properly sanitized packet tile coordinates that could be used to DoS attack a server. This was assigned [GHSA-jq4j-v8pr-jv7j](https://github.com/Pryaxis/TShock/security/advisories/GHSA-jq4j-v8pr-jv7j). (@drunderscore) +* Fixed Bouncer inconsistently using `TilePlacementValid` when validating tile coordinates, which could cause a DoS attack due to unexpectedly large world framing. The list below shows the corrected methods within Bouncer. This was assigned [GHSA-jq4j-v8pr-jv7j](https://github.com/Pryaxis/Plugins/security/advisories/GHSA-jq4j-v8pr-jv7j). (@drunderscore) + * `OnTileEdit`: The check was moved to be the first, and will no longer `SendTileSquare` upon failure. + * `OnPlaceObject`: The check was moved to be the first, and will no longer `SendTileSquare` upon failure. + * `OnPlaceTileEntity`: The check was newly added. + * `OnPlaceItemFrame`: The check was newly added. + * `OnFoodPlatterTryPlacing`: The check was newly added. ## TShock 4.5.4 * Fixed ridiculous typo in `GetDataHandlers` which caused TShock to read the wrong field in the packet for `usingBiomeTorches`. (@hakusaro, @Arthri) From 87d5b769c78a8d514af4c45bccd78fc01935af2b Mon Sep 17 00:00:00 2001 From: Lucas Nicodemus Date: Wed, 21 Jul 2021 18:46:01 -0700 Subject: [PATCH 16/18] Version tick: 4.5.5 --- CHANGELOG.md | 3 +++ TShockAPI/Properties/AssemblyInfo.cs | 4 ++-- TShockAPI/TShock.cs | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ccb7a06..4399f2f9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,9 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin * If there is no section called "Upcoming changes" below this line, please add one with `## Upcoming changes` as the first line, and then a bulleted item directly after with the first change. ## Upcoming changes +* This could be you! + +## TShock 4.5.5 * Changed the world autosave message so that it no longer warns of a "potential lag spike." (@hakusaro) * Added `/slay` as an alias for `/kill` to be more consistent with other server mods. (@hakusaro) * Added `/god` as an alias for `/godmode` to be more consistent with other server mods. (@hakusaro) diff --git a/TShockAPI/Properties/AssemblyInfo.cs b/TShockAPI/Properties/AssemblyInfo.cs index 819058cb..28c98cd4 100644 --- a/TShockAPI/Properties/AssemblyInfo.cs +++ b/TShockAPI/Properties/AssemblyInfo.cs @@ -53,5 +53,5 @@ using System.Runtime.InteropServices; // Also, be sure to release on github with the exact assembly version tag as below // so that the update manager works correctly (via the Github releases api and mimic) -[assembly: AssemblyVersion("4.5.4")] -[assembly: AssemblyFileVersion("4.5.4")] +[assembly: AssemblyVersion("4.5.5")] +[assembly: AssemblyFileVersion("4.5.5")] diff --git a/TShockAPI/TShock.cs b/TShockAPI/TShock.cs index ed74b882..2114b469 100644 --- a/TShockAPI/TShock.cs +++ b/TShockAPI/TShock.cs @@ -58,7 +58,7 @@ namespace TShockAPI /// VersionNum - The version number the TerrariaAPI will return back to the API. We just use the Assembly info. public static readonly Version VersionNum = Assembly.GetExecutingAssembly().GetName().Version; /// VersionCodename - The version codename is displayed when the server starts. Inspired by software codenames conventions. - public static readonly string VersionCodename = "Blood Moon edition"; + public static readonly string VersionCodename = "Olympics maybe?"; /// SavePath - This is the path TShock saves its data in. This path is relative to the TerrariaServer.exe (not in ServerPlugins). public static string SavePath = "tshock"; From 59f7ea02455545b3820edb69bfbcdde834ab37d7 Mon Sep 17 00:00:00 2001 From: Lucas Nicodemus Date: Wed, 21 Jul 2021 19:22:45 -0700 Subject: [PATCH 17/18] I'm seeing things --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4399f2f9..b1a5d203 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,7 +35,7 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin * Added `summonboss` permission check for Prismatic Lacewing. Players who do not have said permission will be unable to kill this critter, as it will summon the Empress of Light. Also added support for the `AnonymousBossInvasions` config option, if this is set to `false` it will now broadcast the name of the player who summoned her. (@moisterrific) * Added `ForceTime` config setting check for Enchanted Sundial usage. If `ForceTime` is set to anything other than `normal`, Sundial use will be rejected as this would lead to very janky game behavior. Additionally, players with `cfgreload` permission will be advised to change it back to `normal` in order to use sundial. (@moisterrific, @bartico6) * Added `%onlineplayers%` and `%serverslots%` placeholders for MOTD. The default MOTD message was also updated to use this. (@moisterrific, @bartico6) -* Fixed Bouncer inconsistently using `TilePlacementValid` when validating tile coordinates, which could cause a DoS attack due to unexpectedly large world framing. The list below shows the corrected methods within Bouncer. This was assigned [GHSA-jq4j-v8pr-jv7j](https://github.com/Pryaxis/Plugins/security/advisories/GHSA-jq4j-v8pr-jv7j). (@drunderscore) +* Fixed Bouncer inconsistently using `TilePlacementValid` when validating tile coordinates, which could cause a DoS attack due to unexpectedly large world framing. The list below shows the corrected methods within Bouncer. This was assigned [GHSA-jq4j-v8pr-jv7j](https://github.com/Pryaxis/TShock/security/advisories/GHSA-jq4j-v8pr-jv7j). (@drunderscore) * `OnTileEdit`: The check was moved to be the first, and will no longer `SendTileSquare` upon failure. * `OnPlaceObject`: The check was moved to be the first, and will no longer `SendTileSquare` upon failure. * `OnPlaceTileEntity`: The check was newly added. From c71bcc02b94bfd2f28ffff0b40f262c89c80a731 Mon Sep 17 00:00:00 2001 From: Lucas Nicodemus Date: Sat, 24 Jul 2021 16:19:59 -0700 Subject: [PATCH 18/18] Update PR template changelog warning --- .github/PULL_REQUEST_TEMPLATE.md | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 4cf87d10..473130c4 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,19 +1,3 @@ -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? -?????? HAVE YOU UPDATED THE CHANGELOG? ?????? \ No newline at end of file +