From c99deae9cc806ed2eec37e92b943b6f97d96d6c7 Mon Sep 17 00:00:00 2001
From: Chris <2648373+QuiCM@users.noreply.github.com>
Date: Fri, 5 Jun 2020 12:16:24 +0930
Subject: [PATCH 1/5] Add some sanity checking around tile object sizes
---
TShockAPI/Handlers/SendTileSquareHandler.cs | 62 ++++++++++++++++++---
1 file changed, 53 insertions(+), 9 deletions(-)
diff --git a/TShockAPI/Handlers/SendTileSquareHandler.cs b/TShockAPI/Handlers/SendTileSquareHandler.cs
index 39a7e751..2bf0c729 100644
--- a/TShockAPI/Handlers/SendTileSquareHandler.cs
+++ b/TShockAPI/Handlers/SendTileSquareHandler.cs
@@ -72,7 +72,7 @@ namespace TShockAPI.Handlers
Debug.VisualiseTileSetDiff(args.TileX, args.TileY, args.Size, args.Size, tiles);
- IterateTileSquare(tiles, processed, args);
+ IterateTileSquare(tiles, processed, args);
// Uncommenting this function will send the same tile square 10 blocks above you for visualisation. This will modify your world and overwrite existing blocks.
// Use in test worlds only.
@@ -139,7 +139,7 @@ namespace TShockAPI.Handlers
NetTile[,] newTiles;
int width = data.Width;
int height = data.Height;
- int offset = 0;
+ int offsetY = 0;
if (newTile.Type == TileID.TrapdoorClosed)
{
@@ -148,7 +148,13 @@ namespace TShockAPI.Handlers
// So we capture all 6 possible tiles and offset ourselves 1 tile above the closed trapdoor to capture the entire 2x3 area
width = 2;
height = 3;
- offset = -1;
+ offsetY = -1;
+ }
+
+ // Ensure the tile object fits inside the square before processing it
+ if (!DoesTileObjectFitInTileSquare(x, y, width, height, size, offsetY, processed))
+ {
+ continue;
}
newTiles = new NetTile[width, height];
@@ -157,11 +163,11 @@ namespace TShockAPI.Handlers
{
for (int j = 0; j < height; j++)
{
- newTiles[i, j] = tiles[x + i, y + j + offset];
- processed[x + i, y + j] = true;
+ newTiles[i, j] = tiles[x + i, y + j + offsetY];
+ processed[x + i, y + j + offsetY] = true;
}
}
- ProcessTileObject(newTile.Type, realX, realY + offset, width, height, newTiles, args);
+ ProcessTileObject(newTile.Type, realX, realY + offsetY, width, height, newTiles, args);
continue;
}
@@ -392,7 +398,7 @@ namespace TShockAPI.Handlers
///
///
///
- static NetTile[,] ReadNetTilesFromStream(System.IO.MemoryStream stream, int size)
+ static NetTile[,] ReadNetTilesFromStream(System.IO.MemoryStream stream, short size)
{
NetTile[,] tiles = new NetTile[size, size];
for (int x = 0; x < size; x++)
@@ -420,8 +426,8 @@ namespace TShockAPI.Handlers
return true;
}
- // 5x5 is the largest vanilla-sized tile square. Anything larger than this should not be seen in the vanilla game and should be rejected
- if (args.Size > 5)
+ // 7x7 is the largest vanilla-sized tile square (used for lamp posts). Anything larger than this should not be sent by the vanilla game and should be rejected
+ if (args.Size > 7)
{
TShock.Log.ConsoleDebug("Bouncer / SendTileSquare rejected from non-vanilla tilemod from {0}", args.Player.Name);
return true;
@@ -444,6 +450,44 @@ namespace TShockAPI.Handlers
return false;
}
+ ///
+ /// Checks if a tile object fits inside the dimensions of a tile square
+ ///
+ ///
+ ///
+ ///
+ ///
+ ///
+ ///
+ ///
+ ///
+ static bool DoesTileObjectFitInTileSquare(int x, int y, int width, int height, int size, int offsetY, bool[,] processed)
+ {
+ // If the starting y position of this tile object is at (x, 0) and the y offset is negative, we'll be accessing tiles outside the square
+ if (y + offsetY < 0)
+ {
+ TShock.Log.ConsoleDebug("Bouncer / SendTileSquareHandler - rejected tile object because object dimensions fall outside the tile square (negative y value)");
+ return false;
+ }
+
+ if (x + width >= size || y + height + offsetY >= size)
+ {
+ // This is ugly, but we want to mark all these tiles as processed so that we're not hitting this check multiple times for one dodgy tile object
+ for (int i = x; i < size; i++)
+ {
+ for (int j = Math.Max(0, y + offsetY); j < size; j++) // This is also ugly. Using Math.Max to make sure y + offsetY >= 0
+ {
+ processed[i, j] = true;
+ }
+ }
+
+ TShock.Log.ConsoleDebug("Bouncer / SendTileSquareHandler - rejected tile object because object dimensions fall outside the tile square (excessive size)");
+ return false;
+ }
+
+ return true;
+ }
+
class Debug
{
///
From 31e79a3918cf589680bf7141ab45dc0c035b5c96 Mon Sep 17 00:00:00 2001
From: Lucas Nicodemus
Date: Thu, 4 Jun 2020 21:29:50 -0700
Subject: [PATCH 2/5] Update changelog for 4.4.0 pr11
---
CHANGELOG.md | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9a0712a2..0e1bd75a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,15 +2,18 @@
This is the rolling changelog for TShock for Terraria. Use past tense when adding new entries; sign your name off when you add or change something. This should primarily be things like user changes, not necessarily codebase changes unless it's really relevant or large.
-## Upcoming Changes
+## Upcoming changes
+* Installed new sprinklers!
+
+## TShock 4.4.0 (Pre-release 11)
* New permission `tshock.tp.pylon` to enable teleporting via Teleportation Pylons (@QuiCM)
* New permission `tshock.journey.research` to enable sharing research via item sacrifice (@QuiCM)
-* Add Emoji event to GetDataHandler. This packet is received when a player tries to display an emote.
- * Adding EmojiHandler to handle an exploit. Adding `tshock.sendemoji` permission and checks. Added this permission to guest group by default.
-* Handling SyncCavernMonsterType packet to prevent an exploit where players could modify the server's cavern monster types and make the server spawn any NPCs - including bosses - onto other players.
+* Add Emoji event to GetDataHandler. This packet is received when a player tries to display an emote. (who?)
+ * Adding EmojiHandler to handle an exploit. Adding `tshock.sendemoji` permission and checks. Added this permission to guest group by default. (who?)
+* Handled SyncCavernMonsterType packet to prevent an exploit where players could modify the server's cavern monster types and make the server spawn any NPCs - including bosses - onto other players. (who?)
* Added LandGolfBallInCup event which is accessible for developers to work with, as well as LandGolfBallInCup handler to handle exploits where players could send direct packets to trigger and imitate golf ball cup landing anywhere in the game world. Added two public lists in Handlers.LandGolfBallInCupHandler: GolfBallProjectileIDs and GolfClubItemIDs. (@Patrikkk)
-* Add SyncTilePicking event. This is called when a player damages a tile. Implementing SyncTilePickingHandler and patching tile damaging related exploits. (Preventing player sending invalid world position data which disconnects other players.)
-* Fix the issue where mobs could not be fished out during bloodmoon because of Bouncer checks. (@Patrikkk)
+* Added SyncTilePicking event. This is called when a player damages a tile. Implementing SyncTilePickingHandler and patching tile damaging related exploits. (Preventing player sending invalid world position data which disconnects other players.)
+* Fixed the issue where mobs could not be fished out during bloodmoon because of Bouncer checks. (@Patrikkk)
* Update for OTAPI 2.0.0.37 and Terraria 1.4.0.5. (@hakusaro, @Patrikkk)
* Adding missing PlayerInfo data in GetDataHandler. (@Patrikkk)
From 470da46511c9809102476d1453ab3151d3719a7c Mon Sep 17 00:00:00 2001
From: moisterrific <57187883+moisterrific@users.noreply.github.com>
Date: Sat, 6 Jun 2020 00:28:21 -0400
Subject: [PATCH 3/5] Add new perms and move more perms to trustedadmin
Add new journey mode research perm and move all existing journey perms from owner to trustedadmin. Also added pylon tp to default and added /spawn perm to admin.
---
TShockAPI/DB/GroupManager.cs | 35 +++++++++++++++++++----------------
1 file changed, 19 insertions(+), 16 deletions(-)
diff --git a/TShockAPI/DB/GroupManager.cs b/TShockAPI/DB/GroupManager.cs
index 3cff37a1..1462411d 100644
--- a/TShockAPI/DB/GroupManager.cs
+++ b/TShockAPI/DB/GroupManager.cs
@@ -76,7 +76,8 @@ namespace TShockAPI.DB
Permissions.summonboss,
Permissions.whisper,
Permissions.wormhole,
- Permissions.canpaint));
+ Permissions.canpaint,
+ Permissions.pylon));
AddDefaultGroup("vip", "default",
string.Join(",",
@@ -123,7 +124,8 @@ namespace TShockAPI.DB
Permissions.tpnpc,
Permissions.tppos,
Permissions.tpsilent,
- Permissions.userinfo));
+ Permissions.userinfo,
+ Permissions.spawn));
AddDefaultGroup("trustedadmin", "admin",
string.Join(",",
@@ -155,7 +157,20 @@ namespace TShockAPI.DB
Permissions.invade,
Permissions.startdd2,
Permissions.uploaddata,
- Permissions.uploadothersdata));
+ Permissions.uploadothersdata,
+ Permissions.journey_timefreeze,
+ Permissions.journey_timeset,
+ Permissions.journey_timespeed,
+ Permissions.journey_godmode,
+ Permissions.journey_windstrength,
+ Permissions.journey_windfreeze,
+ Permissions.journey_rainstrength,
+ Permissions.journey_rainfreeze,
+ Permissions.journey_placementrange,
+ Permissions.journey_setdifficulty,
+ Permissions.journey_biomespreadfreeze,
+ Permissions.journey_setspawnrate,
+ Permissions.journey_contributeresearch));
AddDefaultGroup("owner", "trustedadmin",
string.Join(",",
@@ -174,19 +189,7 @@ namespace TShockAPI.DB
Permissions.settempgroup,
Permissions.spawnrate,
Permissions.tpoverride,
- Permissions.createdumps,
- Permissions.journey_timefreeze,
- Permissions.journey_timeset,
- Permissions.journey_timespeed,
- Permissions.journey_godmode,
- Permissions.journey_windstrength,
- Permissions.journey_windfreeze,
- Permissions.journey_rainstrength,
- Permissions.journey_rainfreeze,
- Permissions.journey_placementrange,
- Permissions.journey_setdifficulty,
- Permissions.journey_biomespreadfreeze,
- Permissions.journey_setspawnrate));
+ Permissions.createdumps));
}
// Load Permissions from the DB
From 156cf4930bad9db85d3d87076e4a2750fb65daf0 Mon Sep 17 00:00:00 2001
From: Patrikkk
Date: Sat, 6 Jun 2020 22:28:37 +0200
Subject: [PATCH 4/5] FishOutNPC - Fix some rods not fishing out NPCs.
I was wrong, not all bobbers are named "Bobber".
Just found that Projectile now has an extra field which determines if the given type is a bobber. This field is set in Projectile.SetDefaults method in the following logic
`((type >= 360 && type <= 366) || type == 381 || type == 382 || type == 760 || type == 775)`
I think it is reasonable to use the bobber field, as it would be updateproof too.
Tested and working. Fixes #1985
---
CHANGELOG.md | 1 +
TShockAPI/Bouncer.cs | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e1bd75a..256deb73 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin
* Added LandGolfBallInCup event which is accessible for developers to work with, as well as LandGolfBallInCup handler to handle exploits where players could send direct packets to trigger and imitate golf ball cup landing anywhere in the game world. Added two public lists in Handlers.LandGolfBallInCupHandler: GolfBallProjectileIDs and GolfClubItemIDs. (@Patrikkk)
* Added SyncTilePicking event. This is called when a player damages a tile. Implementing SyncTilePickingHandler and patching tile damaging related exploits. (Preventing player sending invalid world position data which disconnects other players.)
* Fixed the issue where mobs could not be fished out during bloodmoon because of Bouncer checks. (@Patrikkk)
+ *Fixed the issue where certain fishing rods could not fish out NPCs due to a Bouncer check. (@Patrikkk)
* Update for OTAPI 2.0.0.37 and Terraria 1.4.0.5. (@hakusaro, @Patrikkk)
* Adding missing PlayerInfo data in GetDataHandler. (@Patrikkk)
diff --git a/TShockAPI/Bouncer.cs b/TShockAPI/Bouncer.cs
index f21b60eb..f663b073 100644
--- a/TShockAPI/Bouncer.cs
+++ b/TShockAPI/Bouncer.cs
@@ -1906,8 +1906,8 @@ namespace TShockAPI
///
internal void OnFishOutNPC(object sender, GetDataHandlers.FishOutNPCEventArgs args)
{
- /// Getting recent projectiles of the player which are named Bobber. All bobbers have the same Name.
- var projectile = args.Player.RecentlyCreatedProjectiles.FirstOrDefault(p => Main.projectile[p.Index].Name == "Bobber");
+ /// Getting recent projectiles of the player and selecting the first that is a bobber.
+ var projectile = args.Player.RecentlyCreatedProjectiles.FirstOrDefault(p => Main.projectile[p.Index].bobber);
if (!FishingRodItemIDs.Contains(args.Player.SelectedItem.type))
{
From 2c1833342e22bb151d6989669783861222e57bc7 Mon Sep 17 00:00:00 2001
From: moisterrific <57187883+moisterrific@users.noreply.github.com>
Date: Sat, 6 Jun 2020 22:54:14 -0400
Subject: [PATCH 5/5] Add martians to validEvents response message
---
TShockAPI/Commands.cs | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/TShockAPI/Commands.cs b/TShockAPI/Commands.cs
index 4fc949b7..4e8e773d 100644
--- a/TShockAPI/Commands.cs
+++ b/TShockAPI/Commands.cs
@@ -1970,7 +1970,8 @@ namespace TShockAPI
"snowmen",
"pirates",
"pumpkinmoon",
- "frostmoon"
+ "frostmoon",
+ "martians"
};
private static void ManageWorldEvent(CommandArgs args)