diff options
author | NEMESIS13cz <seke94@seznam.cz> | 2015-08-25 18:33:43 +0200 |
---|---|---|
committer | NEMESIS13cz <seke94@seznam.cz> | 2015-08-25 18:33:43 +0200 |
commit | cbdfd4af2370ac2070d5746501bb8f1cf243df46 (patch) | |
tree | 8c7493910c1ccc4be92a6807a276009458fe1d2e /misc.py | |
parent | 0ea6183c0342b61e617bc5442d6e82c5db8f2060 (diff) |
Added a /sudo blacklist as a final security update
Diffstat (limited to 'misc.py')
-rw-r--r-- | misc.py | 9 |
1 files changed, 7 insertions, 2 deletions
@@ -114,7 +114,9 @@ def rs_material_broken_by_flow(material): length = len(parts) return length > 1 and (parts[0] == "DIODE" or parts[1] in ("TORCH", "WIRE", "BUTTON", "HOOK") or (length == 3 and parts[1] == "COMPARATOR")) - +sudo_blacklist = ["pyeval", "script_backup_begin", "script_backup_end", "script_backup_error", "script_backup_database_begin", "script_backup_database_dumps", "script_backup_database_end", +"script_backup_database_error", "script_backup_database_abort", "script_trim", "script_trim_result", "script_spigot_update", "script_disk_filled", "script_restart", "script_restart_abort", +"script_stop", "script_stop_abort", "script_shutdown"] @simplecommand("sudo", usage = "<player> [cmd..]", @@ -127,11 +129,14 @@ def on_sudo_command(sender, command, label, args): msg(sender, "&2[SUDO] &rRunning '&e%s&r' as &3%s" % (cmd, target)) is_cmd = cmd[0] == "/" is_console = target.lower() in ["server", "console"] + first_cmd = (args[1])[1:] if is_cmd else None + if first_cmd in sudo_blacklist and (is_player(sender) and uid(sender) not in pythoners): + return "&cYou can't sudo this command" if is_console: server.dispatchCommand(server.getConsoleSender(), cmd[1:] if is_cmd else cmd) return None target_player = server.getPlayer(target) - if target_player and uid(target_player) not in pythoners: + if target_player: target_player.chat(cmd) return None return "&cPlayer %s not found!" % target |