Skip to content

Commit e8b082f

Browse files
BenCodezBenCodez
committed
Adjustments to javascript command
1 parent a5f8d73 commit e8b082f

File tree

1 file changed

+29
-15
lines changed

1 file changed

+29
-15
lines changed

AdvancedCore/src/com/bencodez/advancedcore/command/CommandLoader.java

Lines changed: 29 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -472,23 +472,37 @@ public void execute(CommandSender sender, String[] args) {
472472
}
473473
});
474474

475-
cmds.add(new CommandHandler(plugin, new String[] { "Javascript", "(List)" }, permPrefix + ".Javascript",
476-
"Execute javascript") {
475+
if (!plugin.getOptions().isDisableJavascript()) {
476+
cmds.add(new CommandHandler(plugin, new String[] { "Javascript", "(List)" }, permPrefix + ".Javascript",
477+
"Execute javascript") {
477478

478-
@Override
479-
public void execute(CommandSender sender, String[] args) {
480-
String str = "";
481-
for (int i = 1; i < args.length; i++) {
482-
str += args[i] + " ";
483-
}
484-
if (sender instanceof Player) {
485-
str = PlaceholderUtils.replacePlaceHolders((Player) sender, str);
479+
@Override
480+
public void execute(CommandSender sender, String[] args) {
481+
if (sender.isOp()) {
482+
String str = "";
483+
for (int i = 1; i < args.length; i++) {
484+
str += args[i] + " ";
485+
}
486+
if (sender instanceof Player) {
487+
str = PlaceholderUtils.replacePlaceHolders((Player) sender, str);
488+
}
489+
JavascriptEngine engine = new JavascriptEngine();
490+
engine.addPlayer(sender);
491+
String javascript = str.trim();
492+
if (MessageAPI.containsIgnorecase(javascript, "powershell")
493+
|| MessageAPI.containsIgnorecase(javascript, "touch")) {
494+
sendMessage(sender, "&aNot allowed");
495+
plugin.getLogger()
496+
.warning("Player " + sender.getName() + " attempted to run shell commands");
497+
return;
498+
}
499+
sendMessage(sender, "&cJavascript result: " + engine.getStringValue(javascript));
500+
} else {
501+
sendMessage(sender, "&aNot allowed");
502+
}
486503
}
487-
JavascriptEngine engine = new JavascriptEngine();
488-
engine.addPlayer(sender);
489-
sendMessage(sender, "&cJavascript result: " + engine.getStringValue(str.trim()));
490-
}
491-
});
504+
});
505+
}
492506

493507
cmds.add(new CommandHandler(plugin, new String[] { "SetRequestMethod", "(RequestMethod)" },
494508
permPrefix + ".SetRequestMethod", "SetRequestMethod", false) {

0 commit comments

Comments
 (0)