From ab36efe96e036fd31371883679c7c7ffee721f05 Mon Sep 17 00:00:00 2001
From: SpigotRCE <128710385+SpigotRCE@users.noreply.github.com>
Date: Tue, 26 Nov 2024 22:36:55 +0530
Subject: [PATCH] Fixed plugin messaging exploit

---
 .../utils/ruom/messaging/VelocityMessagingChannel.java     | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/main/java/ir/syrent/velocityreport/utils/ruom/messaging/VelocityMessagingChannel.java b/src/main/java/ir/syrent/velocityreport/utils/ruom/messaging/VelocityMessagingChannel.java
index 146c38b..b52ccce 100644
--- a/src/main/java/ir/syrent/velocityreport/utils/ruom/messaging/VelocityMessagingChannel.java
+++ b/src/main/java/ir/syrent/velocityreport/utils/ruom/messaging/VelocityMessagingChannel.java
@@ -39,8 +39,9 @@ public void unregister(VelocityMessagingEvent messagingEvent) {
 
     @Subscribe
     public void onMessageReceive(PluginMessageEvent event) {
-        if (!(event.getSource() instanceof ServerConnection)) return;
-        if (!event.getIdentifier().equals(name)) return;
+        if (!event.getIdentifier().equals(name)) return; // Not our channel
+        event.setResult(PluginMessageEvent.ForwardResult.handled()); // Drop the packet
+        if (!(event.getSource() instanceof ServerConnection)) return; // Somebody is trying to hack us
 
         String rawMessage = new String(event.getData(), StandardCharsets.UTF_8);
         if (rawMessage.isEmpty()) return;
@@ -60,4 +61,4 @@ public ChannelIdentifier getName() {
         return name;
     }
 
-}
\ No newline at end of file
+}