duckietm/Arcturus-Morningstar-Extended
1
0
Fork 0
mirror of https://github.com/duckietm/Arcturus-Morningstar-Extended.git synced 2026-06-20 07:26:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #228 from simoleo89/fix/modtool-inputs

Browse Source 
fix(modtool): bound staff supplied targets
This commit is contained in:
DuckieTM
2026-06-17 10:00:31 +02:00
committed by GitHub
parent 42708c0b07 e24020e9df
commit f2a010b25c
12 changed files with 50 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Emulator/src/test/java/com/eu/habbo/messages/incoming/modtool/ModToolPermissionContractTest.java
+24
View File
@@ -109,4 +109,28 @@ class ModToolPermissionContractTest {
handler + " must reject empty or oversized staff-supplied text");
}
}
@Test
void staffSuppliedModToolTargetsArePositiveBeforeLookupOrMutation() throws Exception {
Path base = Path.of("src/main/java/com/eu/habbo/messages/incoming/modtool");
for (String handler : List.of(
"ModToolAlertEvent.java",
"ModToolWarnEvent.java",
"ModToolKickEvent.java",
"ModToolChangeRoomSettingsEvent.java",
"ModToolRequestRoomInfoEvent.java",
"ModToolRequestRoomVisitsEvent.java",
"ModToolIssueDefaultSanctionEvent.java",
"ModToolSanctionAlertEvent.java",
"ModToolSanctionBanEvent.java",
"ModToolSanctionMuteEvent.java",
"ModToolSanctionTradeLockEvent.java"
)) {
String source = Files.readString(base.resolve(handler));
assertTrue(source.contains("ModToolTicketGuard.isPositiveId"),
handler + " must reject zero or negative client-provided ids before manager/database lookups");
}
}
}