Inventory exploit prevention

Author: Thatsmusic99

src/main/java/io/github/thatsmusic99/headsplus/inventories/BaseInventory.java

@@ -7,6 +7,7 @@
 import io.github.thatsmusic99.headsplus.inventories.icons.list.Air;
 import io.github.thatsmusic99.headsplus.inventories.icons.list.Glass;
 import io.github.thatsmusic99.headsplus.inventories.icons.list.Stats;
+import io.github.thatsmusic99.headsplus.reflection.NBTManager;
 import io.github.thatsmusic99.headsplus.util.CachedValues;
 import io.github.thatsmusic99.headsplus.util.HPUtils;
 import io.github.thatsmusic99.headsplus.util.PagedLists;
@@ -179,6 +180,14 @@ public void onInventoryClick(InventoryClickEvent event) {
         Player player = (Player) event.getWhoClicked();
         if (slot > -1 && slot < event.getInventory().getSize()) {
             event.setCancelled(true);
+            for (int i = 0; i < 46; i++) {
+                ItemStack item = player.getInventory().getItem(i);
+                if (item != null) {
+                    if (NBTManager.isIcon(item)) {
+                        player.getInventory().setItem(i, new ItemStack(Material.AIR));
+                    }
+                }
+            }
             IconClickEvent iconEvent = new IconClickEvent(player, icons[slot]);
             Bukkit.getPluginManager().callEvent(iconEvent);
             if (!iconEvent.isCancelled()) {

src/main/java/io/github/thatsmusic99/headsplus/inventories/Icon.java

@@ -2,6 +2,7 @@
 
 import io.github.thatsmusic99.headsplus.HeadsPlus;
 import io.github.thatsmusic99.headsplus.config.HeadsPlusMessagesManager;
+import io.github.thatsmusic99.headsplus.reflection.NBTManager;
 import org.bukkit.Material;
 import org.bukkit.configuration.file.FileConfiguration;
 import org.bukkit.entity.Player;
@@ -21,7 +22,7 @@ public abstract class Icon {
     private String id;
 
     public Icon(ItemStack itemStack) {
-        item = itemStack;
+        item = NBTManager.addIconNBT(itemStack);
         hpi = hp.getItems().getConfig();
     }
 
@@ -34,11 +35,13 @@ public Icon(String id) {
         hpi = hp.getItems().getConfig();
         this.id = id;
         initItem(id);
+        item = NBTManager.addIconNBT(item);
     }
     public Icon(Player player) {
         hpi = hp.getItems().getConfig();
         initItem(getId());
         initNameAndLore(getId(), player);
+        item = NBTManager.addIconNBT(item);
     }
 
     public Icon() {

src/main/java/io/github/thatsmusic99/headsplus/inventories/icons/content/CustomHead.java

@@ -4,6 +4,7 @@
 import io.github.thatsmusic99.headsplus.api.events.HeadPurchaseEvent;
 import io.github.thatsmusic99.headsplus.inventories.InventoryManager;
 import io.github.thatsmusic99.headsplus.inventories.icons.Content;
+import io.github.thatsmusic99.headsplus.reflection.NBTManager;
 import net.milkbowl.vault.economy.Economy;
 import net.milkbowl.vault.economy.EconomyResponse;
 import org.bukkit.Bukkit;
@@ -64,6 +65,7 @@ public boolean onClick(Player player, InventoryClickEvent event) {
                 ItemMeta meta = item.getItemMeta();
                 meta.setLore(new ArrayList<>());
                 item.setItemMeta(meta);
+                item = NBTManager.removeIconNBT(item);
                 player.getInventory().addItem(item);
             }
         } else {

src/main/java/io/github/thatsmusic99/headsplus/listeners/HPMaskEvents.java

@@ -72,9 +72,19 @@ public void onEvent(PlayerQuitEvent event) {
     @EventHandler
     public void onEvent(InventoryClickEvent e) {
         HeadsPlus hp = HeadsPlus.getInstance();
+        Player player = (Player) e.getWhoClicked();
+        for (int i = 0; i < 46; i++) {
+            ItemStack item = player.getInventory().getItem(i);
+            if (item != null) {
+                if (NBTManager.isIcon(item)) {
+                    player.getInventory().setItem(i, new ItemStack(Material.AIR));
+                }
+            }
+        }
         ItemStack item;
         boolean shift = e.isShiftClick();
         // If we're shift clicking
+
         if (shift) {
             // We need to get the current item
             item = e.getCurrentItem();
@@ -84,6 +94,7 @@ public void onEvent(InventoryClickEvent e) {
             if (e.getAction().equals(InventoryAction.PICKUP_ALL)) return;
             item = e.getCursor();
         }
+
         if (hp.getConfiguration().getPerks().mask_powerups) {
             if (e.getRawSlot() == getSlot() || (shift && e.getRawSlot() != getSlot())) {
                 checkMask((Player) e.getWhoClicked(), item);

src/main/java/io/github/thatsmusic99/headsplus/reflection/NBTManager.java

@@ -464,25 +464,16 @@ public static ItemStack setType(ItemStack i, String type) {
         return setString(i, "headsplus-type", type);
     }
 
-    // This is a funny one, ignore this example
-    public static ItemStack addDatabaseHead(ItemStack i, String id, double price) {
-        try {
-            Object nmsItem = getNMSCopy(i);
-            Object nbtTag = getNBTTag(nmsItem);
-            if (nbtTag == null) {
-                nbtTag = newNBTTag();
-            }
-            Block.class.getMethod("setData", byte.class);
-            Method method = nbtTag.getClass().getMethod("setString", String.class, String.class);
-            method.invoke(nbtTag, "head-id", id);
-            Method method1 = nbtTag.getClass().getMethod("setDouble", String.class, double.class);
-            method1.invoke(nbtTag, "head-price", price);
-            nmsItem = setNBTTag(nmsItem, nbtTag);
-            return asBukkitCopy(nmsItem);
-        } catch (ClassNotFoundException | NoSuchMethodException | InvocationTargetException | IllegalAccessException | InstantiationException e) {
-            e.printStackTrace();
-        }
-        return i;
+    public static ItemStack addIconNBT(ItemStack i) {
+        return setBoolean(i, "hp-gui", true);
+    }
+
+    public static boolean isIcon(ItemStack i) {
+        return getBoolean(i, "hp-gui");
+    }
+
+    public static ItemStack removeIconNBT(ItemStack i) {
+        return setBoolean(i, "hp-gui", false);
     }
 
     public static String getType(ItemStack i) {