From fc4c50928553e277ca9542c8f8a13a31116e83b6 Mon Sep 17 00:00:00 2001 From: Stargazing Koishi Date: Wed, 11 Jan 2023 02:23:01 -0800 Subject: [PATCH 1/6] Add a check to InsertPlayerData to prevent data overwrite --- TShockAPI/DB/CharacterManager.cs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/TShockAPI/DB/CharacterManager.cs b/TShockAPI/DB/CharacterManager.cs index 575ac3dcb..5a5e13a64 100644 --- a/TShockAPI/DB/CharacterManager.cs +++ b/TShockAPI/DB/CharacterManager.cs @@ -189,6 +189,9 @@ public bool InsertPlayerData(TSPlayer player, bool fromCommand = false) if (!player.IsLoggedIn) return false; + if (player.State < 10) + return false; + if (player.HasPermission(Permissions.bypassssc) && !fromCommand) { TShock.Log.ConsoleInfo(GetParticularString("{0} is a player name", $"Skipping SSC save (due to tshock.ignore.ssc) for {player.Account.Name}")); From 9a0269fb83fff1a66d87c53587111f23193968e7 Mon Sep 17 00:00:00 2001 From: punchready <22683812+punchready@users.noreply.github.com> Date: Tue, 28 Feb 2023 22:05:25 +0100 Subject: [PATCH 2/6] Update definitions for Flower Boots to allow Ash Plants --- TShockAPI/Handlers/SendTileRectHandler.cs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/TShockAPI/Handlers/SendTileRectHandler.cs b/TShockAPI/Handlers/SendTileRectHandler.cs index 3ff85feaf..b66a72fa6 100644 --- a/TShockAPI/Handlers/SendTileRectHandler.cs +++ b/TShockAPI/Handlers/SendTileRectHandler.cs @@ -38,6 +38,10 @@ public class SendTileRectHandler : IPacketHandler() + { + TileID.AshGrass + } }, }; /// @@ -67,6 +71,10 @@ public class SendTileRectHandler : IPacketHandler() + { + 6, 7, 8, 9, 10, + } }, }; /// From defbe5c34fed7173877296cf04fcfb0cf6df312b Mon Sep 17 00:00:00 2001 From: punchready <22683812+punchready@users.noreply.github.com> Date: Tue, 28 Feb 2023 22:09:36 +0100 Subject: [PATCH 3/6] Update changelog --- docs/changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog.md b/docs/changelog.md index be96f88c8..061988a2c 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -106,6 +106,7 @@ Use past tense when adding new entries; sign your name off when you add or chang * Allowed multiple test cases to be in TShock's test suite. (@drunderscore) * Fixed unable to use Purification/Evil Powder in jungle. (@sgkoishi) * Set the `GetDataHandledEventArgs.Player` property for the `SyncTilePicking` data handler. (@drunderscore) +* Allowed Flower Boots to place Ash Flowers on Ash Grass blocks. (@punchready) ## TShock 5.1.3 * Added support for Terraria 1.4.4.9 via OTAPI 3.1.20. (@SignatureBeef) From b833e4852694152188a5c0fa7359d1909f5e4dc2 Mon Sep 17 00:00:00 2001 From: Jonathan Rascher Date: Mon, 2 Jan 2023 15:38:29 -0600 Subject: [PATCH 4/6] Remove unnecessary range check for quick stack --- TShockAPI/TShock.cs | 8 ++------ docs/changelog.md | 1 + 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/TShockAPI/TShock.cs b/TShockAPI/TShock.cs index 7a5a38af7..65380a523 100644 --- a/TShockAPI/TShock.cs +++ b/TShockAPI/TShock.cs @@ -676,17 +676,13 @@ private void OnItemForceIntoChest(ForceItemIntoChestEventArgs args) if (args.Chest != null) { + // After checking for protected regions, no further range checking is necessarily because the client packet only specifies the + // inventory slot to quick stack. The vanilla Terraria server itself determines what chests are close enough to the player. if (Config.Settings.RegionProtectChests && !Regions.CanBuild((int)args.WorldPosition.X, (int)args.WorldPosition.Y, tsplr)) { args.Handled = true; return; } - - if (!tsplr.IsInRange(args.Chest.x, args.Chest.y)) - { - args.Handled = true; - return; - } } } diff --git a/docs/changelog.md b/docs/changelog.md index be96f88c8..7e39da75d 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -106,6 +106,7 @@ Use past tense when adding new entries; sign your name off when you add or chang * Allowed multiple test cases to be in TShock's test suite. (@drunderscore) * Fixed unable to use Purification/Evil Powder in jungle. (@sgkoishi) * Set the `GetDataHandledEventArgs.Player` property for the `SyncTilePicking` data handler. (@drunderscore) +* Removed unnecessary range check that artifically shortened quick stack reach. (@boddyn, #2885, @bcat) ## TShock 5.1.3 * Added support for Terraria 1.4.4.9 via OTAPI 3.1.20. (@SignatureBeef) From 5acc3afcb6f92bc65c7dfb9539b9fb83b4c18b6b Mon Sep 17 00:00:00 2001 From: punchready Date: Fri, 24 Mar 2023 21:39:24 +0100 Subject: [PATCH 5/6] Update STR handling to reject for-sure invalid framing values --- TShockAPI/Handlers/SendTileRectHandler.cs | 33 +++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/TShockAPI/Handlers/SendTileRectHandler.cs b/TShockAPI/Handlers/SendTileRectHandler.cs index 3ff85feaf..cb0163072 100644 --- a/TShockAPI/Handlers/SendTileRectHandler.cs +++ b/TShockAPI/Handlers/SendTileRectHandler.cs @@ -173,6 +173,7 @@ internal void IterateTileRect(NetTile[,] tiles, bool[,] processed, GetDataHandle } NetTile newTile = tiles[x, y]; + TileObjectData data; // If the new tile has an associated TileObjectData object, we take the tile and the surrounding tiles that make up the tile object @@ -210,10 +211,26 @@ internal void IterateTileRect(NetTile[,] tiles, bool[,] processed, GetDataHandle case TileID.ShimmerMonolith: { // Allowed changes + + // Based on empirical tests, these should be some conservative upper bounds for framing values + if (newTile.FrameX != -1 || newTile.FrameY != -1) + { + if (newTile.FrameX is < 0 or > 1000) + { + processed[x, y] = true; + continue; + } + if (newTile.FrameY is < 0 or > 5000) + { + processed[x, y] = true; + continue; + } + } } break; default: { + processed[x, y] = true; continue; } } @@ -233,10 +250,26 @@ internal void IterateTileRect(NetTile[,] tiles, bool[,] processed, GetDataHandle case TileID.TargetDummy: { // Allowed placements + + // Based on empirical tests, these should be some conservative upper bounds for framing values + if (newTile.FrameX != -1 || newTile.FrameY != -1) + { + if (newTile.FrameX is < 0 or > 1000) + { + processed[x, y] = true; + continue; + } + if (newTile.FrameY is < 0 or > 500) + { + processed[x, y] = true; + continue; + } + } } break; default: { + processed[x, y] = true; continue; } } From 3f55a86589943c881626c60e270dcac56d14f6ac Mon Sep 17 00:00:00 2001 From: punchready Date: Fri, 24 Mar 2023 21:40:31 +0100 Subject: [PATCH 6/6] Update changelog --- docs/changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog.md b/docs/changelog.md index be96f88c8..053afcffd 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -106,6 +106,7 @@ Use past tense when adding new entries; sign your name off when you add or chang * Allowed multiple test cases to be in TShock's test suite. (@drunderscore) * Fixed unable to use Purification/Evil Powder in jungle. (@sgkoishi) * Set the `GetDataHandledEventArgs.Player` property for the `SyncTilePicking` data handler. (@drunderscore) +* Improved the exploit protection in tile rect handling. (@punchready) ## TShock 5.1.3 * Added support for Terraria 1.4.4.9 via OTAPI 3.1.20. (@SignatureBeef)