Escape apostrophes before submitting in the console.
Opened this issue · 2 comments
yiays commented
Using a command like say I'm here
will throw an error, and is probably a security flaw, as code injection is possible here.
hexparrot commented
Do you have an example of any code that can be executed through the Minecraft console we'd want to protect from?
yiays commented
Well, I've found, from messing around with it, that you can type in ';'
and get some interesting responses from the server, for example;
And, strangely, the first time I typed in 'echo "Testing";'
, the server shut down, but I'm unable to reproduce that error.
But, regardless of whether there is potential security problems or not, this should be fixed, as I have to take all apostrophes out of everything I type, or else I get this error;
Which is quite an annoyance.