| Fix build
| 3 年前 |
| Use PHP-CS-Fixer to enforce file header presence
| 3 年前 |
| Merge 'stable' into 'minor-next'
Automatic merge performed by: https://github.com/pmmp/RestrictedActions/actions/runs/21187272316
| 3 个月前 |
| Fixed missing handling for some ContainerUIIds
SMITHING_TABLE_TEMPLATE is new in 1.20
HORSE_EQUIP was always present, but somehow got overlooked when building up that big ugly switch table
| 2 年前 |
| Fixed content log warning about recipe with missing ID
| 9 个月前 |
| ..............
| 3 年前 |
| Release 5.22.0 (Bedrock 1.21.50 support) (#6559)
Co-authored-by: Dylan K. Taylor <dktapps@pmmp.io> | 1 年前 |
| shut up bruv
| 7 个月前 |
| Use PHP-CS-Fixer to enforce file header presence
| 3 年前 |
| ...
| 3 个月前 |
| Skip decoding packets which are never handled by the current PacketHandler (#6965)
Using reflection, we can determine which packets a PacketHandler class will
actually handle and skip decoding the ones that it won't handle. This is
a significant upgrade to server security and possibly performance.
The reflection metadata is calculated the first time a handler class is
used and cached afterwards. This means that the performance impact of
this sorta-hack is negligible.
Previously, any designated serverbound packet would be decoded by the
server at any time, regardless of whether it would actually be handled,
which allowed attackers to waste CPU time by making the server chew
through packets that it wouldn't actually do anything with anyway. While
this doesn't fix any outstanding security vulnerability, it does
significantly limit what attackers can do and when.
This change will affect plugins using DataPacketReceiveEvent to capture
packets not used by PocketMine-MP. If a plugin needs to handle a packet
that isn't handled by PocketMine-MP's core packet handlers, it can declare
an event handler for DataPacketDecodeEvent with @handleCancelled in
the doc comment, and use $ev->uncancel() to restore the old behaviour
and make the packets get passed to DataPacketReceiveEvent. It's best to
filter by packet ID when doing this, and only uncancel when it sees a
packet it wants to handle, to avoid negating the benefits of this change. | 4 个月前 |
| Merge branch 'stable' into minor-next
| 3 个月前 |
| Bedrock 1.21.130 (#6939)
Co-authored-by: dries-c <15795262+dries-c@users.noreply.github.com> | 5 个月前 |
| Bedrock 1.21.130 (#6939)
Co-authored-by: dries-c <15795262+dries-c@users.noreply.github.com> | 5 个月前 |
| Skip decoding packets which are never handled by the current PacketHandler (#6965)
Using reflection, we can determine which packets a PacketHandler class will
actually handle and skip decoding the ones that it won't handle. This is
a significant upgrade to server security and possibly performance.
The reflection metadata is calculated the first time a handler class is
used and cached afterwards. This means that the performance impact of
this sorta-hack is negligible.
Previously, any designated serverbound packet would be decoded by the
server at any time, regardless of whether it would actually be handled,
which allowed attackers to waste CPU time by making the server chew
through packets that it wouldn't actually do anything with anyway. While
this doesn't fix any outstanding security vulnerability, it does
significantly limit what attackers can do and when.
This change will affect plugins using DataPacketReceiveEvent to capture
packets not used by PocketMine-MP. If a plugin needs to handle a packet
that isn't handled by PocketMine-MP's core packet handlers, it can declare
an event handler for DataPacketDecodeEvent with @handleCancelled in
the doc comment, and use $ev->uncancel() to restore the old behaviour
and make the packets get passed to DataPacketReceiveEvent. It's best to
filter by packet ID when doing this, and only uncancel when it sees a
packet it wants to handle, to avoid negating the benefits of this change. | 4 个月前 |
| Skip decoding packets which are never handled by the current PacketHandler (#6965)
Using reflection, we can determine which packets a PacketHandler class will
actually handle and skip decoding the ones that it won't handle. This is
a significant upgrade to server security and possibly performance.
The reflection metadata is calculated the first time a handler class is
used and cached afterwards. This means that the performance impact of
this sorta-hack is negligible.
Previously, any designated serverbound packet would be decoded by the
server at any time, regardless of whether it would actually be handled,
which allowed attackers to waste CPU time by making the server chew
through packets that it wouldn't actually do anything with anyway. While
this doesn't fix any outstanding security vulnerability, it does
significantly limit what attackers can do and when.
This change will affect plugins using DataPacketReceiveEvent to capture
packets not used by PocketMine-MP. If a plugin needs to handle a packet
that isn't handled by PocketMine-MP's core packet handlers, it can declare
an event handler for DataPacketDecodeEvent with @handleCancelled in
the doc comment, and use $ev->uncancel() to restore the old behaviour
and make the packets get passed to DataPacketReceiveEvent. It's best to
filter by packet ID when doing this, and only uncancel when it sees a
packet it wants to handle, to avoid negating the benefits of this change. | 4 个月前 |