From 38cd07d025c6d6e6eb73d19534f866c5bcb5e25d Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 17 May 2021 18:25:28 -0400 Subject: [PATCH] discord plugin: sanity check user id and avatar id before building url --- .../client/plugins/discord/DiscordPlugin.java | 25 ++++++++++++++----- 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/runelite-client/src/main/java/net/runelite/client/plugins/discord/DiscordPlugin.java b/runelite-client/src/main/java/net/runelite/client/plugins/discord/DiscordPlugin.java index 75c076b4c9..966cc381c7 100644 --- a/runelite-client/src/main/java/net/runelite/client/plugins/discord/DiscordPlugin.java +++ b/runelite-client/src/main/java/net/runelite/client/plugins/discord/DiscordPlugin.java @@ -25,6 +25,7 @@ */ package net.runelite.client.plugins.discord; +import com.google.common.base.CharMatcher; import com.google.common.base.Strings; import com.google.inject.Inject; import com.google.inject.Provides; @@ -246,18 +247,30 @@ public class DiscordPlugin extends Plugin return; } - String url = "https://cdn.discordapp.com/avatars/" + event.getUserId() + "/" + event.getAvatarId() + ".png"; + CharMatcher matcher = CharMatcher.anyOf("abcdef0123456789"); + if (!matcher.matchesAllOf(event.getUserId()) || !matcher.matchesAllOf(event.getAvatarId())) + { + // userid is actually a snowflake, but the matcher is sufficient + return; + } + + final String url; if (Strings.isNullOrEmpty(event.getAvatarId())) { final String[] split = memberById.getName().split("#", 2); - - if (split.length == 2) + if (split.length != 2) { - int disc = Integer.valueOf(split[1]); - int avatarId = disc % 5; - url = "https://cdn.discordapp.com/embed/avatars/" + avatarId + ".png"; + return; } + + int disc = Integer.parseInt(split[1]); + int avatarId = disc % 5; + url = "https://cdn.discordapp.com/embed/avatars/" + avatarId + ".png"; + } + else + { + url = "https://cdn.discordapp.com/avatars/" + event.getUserId() + "/" + event.getAvatarId() + ".png"; } log.debug("Got user avatar {}", url);