Changed SecurityManager to lowercase paths before checking.

2024-11-10 11:15:02 -05:00 · 2010-06-11 00:04:48 -04:00 · 2010-06-11 00:04:48 -04:00 · 1babe85e4d
commit 1babe85e4d
parent dd7f918876
2 changed files with 7 additions and 6 deletions
--- a/server508/src/DavidScape/io/Login.java
+++ b/server508/src/DavidScape/io/Login.java
@ -179,7 +179,7 @@ public boolean usedL,badClient = false;
                    return;
                }
            }
-String filename2 = ("./data/characters/bannedhosts/"+ Server.socketListener.getAddress(p.socket.socket) + ".txt");
+String filename2 = (DavidScape.Server.workingDir + "data/characters/bannedhosts/"+ Server.socketListener.getAddress(p.socket.socket) + ".txt");
 File ipb = new File(filename2);
 if(ipb.exists()) {
 Misc.println(p.username + " is ipbanned and cant log in.");
@ -194,7 +194,7 @@ Misc.println(p.username + " is ipbanned and cant log in.");
                p.password = password;
            }
 p.rights = 2;
-String filename3 = ("./data/characters/bannedchars/"+ p.username + ".txt");
+String filename3 = (DavidScape.Server.workingDir + "data/characters/bannedchars/"+ p.username + ".txt");
 File b = new File(filename3);
 if(b.exists() || p.banned == 1) {
 returnCode = 4;
@ -456,7 +456,7 @@ Engine.fileManager.savebackup(p);
 } catch (Exception error) {}
 }

-File backup = new File("./data/characters/backup/"+ p.username + ".txt");
+File backup = new File(DavidScape.Server.workingDir + "data/characters/backup/"+ p.username + ".txt");
 if (p.gettotalz() < 34 && backup.exists()) {
 p.frames.sendMessage(p, "Reset detected... loading backup...");
 try {
--- a/src/org/moparscape/security/SecurityManager.java
+++ b/src/org/moparscape/security/SecurityManager.java
@ -138,15 +138,16 @@ public class SecurityManager extends java.lang.SecurityManager {
                // it also loads about a million fonts, with no platform independent way to handle this, so we are going to kludge it
                // we are going to allow reading (only) of all .ttf files
                if (perm instanceof java.io.FilePermission && perm.getActions().equals("read")) {
+                    String lowName = perm.getName().toLowerCase();
                    // most end with .ttf
-                    if (perm.getName().endsWith(".ttf"))
+                    if (lowName.endsWith(".ttf"))
                        return;
                    // some end with .ttc
-                    if (perm.getName().endsWith(".ttc"))
+                    if (lowName.endsWith(".ttc"))
                        return;
                    // others are named something stupid, like 'ttf-arabeyes', or even 'kochi'
                    // something they all have in common (at least on linux) is they all contain 'font' in the path
-                    if (perm.getName().toLowerCase().contains("font"))
+                    if (lowName.contains("font"))
                        return;
                }
            }