Fix security hole.

src/lishid/openinv/OpenInv.java

@@ -48,10 +48,10 @@ public class OpenInv extends JavaPlugin {
         config = this.getConfiguration();
 
 		PluginManager pm = getServer().getPluginManager();
-		pm.registerEvent(Event.Type.PLAYER_JOIN, playerListener, Event.Priority.Normal, this);
+		pm.registerEvent(Event.Type.PLAYER_JOIN, playerListener, Event.Priority.Highest, this);
 		//pm.registerEvent(Event.Type.PLAYER_RESPAWN, playerListener, Event.Priority.Normal, this);
-		pm.registerEvent(Event.Type.PLAYER_INTERACT, playerListener, Event.Priority.Normal, this);
+		pm.registerEvent(Event.Type.PLAYER_INTERACT, playerListener, Event.Priority.Highest, this);
-		pm.registerEvent(Event.Type.ENTITY_DAMAGE, entityListener, Event.Priority.Normal, this);
+		pm.registerEvent(Event.Type.ENTITY_DAMAGE, entityListener, Event.Priority.Lowest, this);
 		//pm.registerEvent(Event.Type.INVENTORY_CLOSE, inventoryListener, Event.Priority.Normal, this);
     	setupPermissions();
 

src/lishid/openinv/OpenInvInventoryListener.java

@@ -1,10 +0,0 @@
-package lishid.openinv;
-
-import org.bukkit.event.inventory.InventoryListener;
-
-public class OpenInvInventoryListener extends InventoryListener{
-	OpenInv plugin;
-	public OpenInvInventoryListener(OpenInv scrap) {
-		plugin = scrap;
-	}
-}

src/lishid/openinv/OpenInvPlayerListener.java

@@ -1,8 +1,15 @@
 package lishid.openinv;
 
 import net.minecraft.server.Block;
+import net.minecraft.server.EntityPlayer;
+import net.minecraft.server.IInventory;
+import net.minecraft.server.InventoryLargeChest;
+import net.minecraft.server.TileEntityChest;
+import net.minecraft.server.World;
 
+import org.bukkit.ChatColor;
 import org.bukkit.Material;
+import org.bukkit.block.Chest;
 import org.bukkit.block.Sign;
 import org.bukkit.craftbukkit.entity.CraftPlayer;
 import org.bukkit.entity.Player;
@@ -33,15 +40,79 @@ public class OpenInvPlayerListener extends PlayerListener{
 	@Override
 	public void onPlayerInteract(PlayerInteractEvent event)
 	{
-		if(event.getAction() == Action.RIGHT_CLICK_AIR || event.getAction() == Action.RIGHT_CLICK_BLOCK)
+		if(event.isCancelled())
+			return;
+		
+		if(event.getAction() == Action.RIGHT_CLICK_BLOCK && 
+				event.getClickedBlock().getState() instanceof Chest && 
+				PermissionRelay.hasPermission(event.getPlayer(), "OpenInv.anychest"))
 		{
-			if(event.getClickedBlock() == Block.CHEST ||
+			EntityPlayer player = ((CraftPlayer)event.getPlayer()).getHandle();
+			World world = player.world;
+			int x = event.getClickedBlock().getX();
+			int y = event.getClickedBlock().getY();
+			int z = event.getClickedBlock().getZ();
+			try
+			{
+				boolean override = false;
+				
+				//If block on top
+				if(world.e(x, y + 1, z))
+					override = true;
+	
+				//If block next to chest is chest and has a block on top
+			    if ((world.getTypeId(x - 1, y, z) == Block.CHEST.id) && (world.e(x - 1, y + 1, z)))
+			    	override = true;
+			    if ((world.getTypeId(x + 1, y, z) == Block.CHEST.id) && (world.e(x + 1, y + 1, z)))
+			    	override = true;
+			    if ((world.getTypeId(x, y, z - 1) == Block.CHEST.id) && (world.e(x, y + 1, z - 1)))
+			    	override = true;
+			    if ((world.getTypeId(x, y, z + 1) == Block.CHEST.id) && (world.e(x, y + 1, z + 1)))
+			    	override = true;
+				
+			    //If the chest is blocked
+			    if(override)
+			    {
+			    	//Create chest
+					Object inventory = (TileEntityChest)player.world.getTileEntity(x, y, z);
+				    
+					//Link chest
+				    if (world.getTypeId(x - 1, y, z) == Block.CHEST.id) inventory = new InventoryLargeChest("Large chest", (TileEntityChest)world.getTileEntity(x - 1, y, z), (IInventory)inventory);
+				    if (world.getTypeId(x + 1, y, z) == Block.CHEST.id) inventory = new InventoryLargeChest("Large chest", (IInventory)inventory, (TileEntityChest)world.getTileEntity(x + 1, y, z));
+				    if (world.getTypeId(x, y, z - 1) == Block.CHEST.id) inventory = new InventoryLargeChest("Large chest", (TileEntityChest)world.getTileEntity(x, y, z - 1), (IInventory)inventory);
+				    if (world.getTypeId(x, y, z + 1) == Block.CHEST.id) inventory = new InventoryLargeChest("Large chest", (IInventory)inventory, (TileEntityChest)world.getTileEntity(x, y, z + 1));
+	
+				    //Open chest
+				    player.a((IInventory)inventory);
+				    
+				    //Send a notification
+				    event.getPlayer().sendMessage("You are opening a blocked chest.");
+				    
+				    //Cancel chest open event
+					event.setCancelled(true);
+			    }
+			    /*
+				Chest chest = (Chest)event.getClickedBlock().getState();
+				player.a(((CraftInventory)chest.getInventory()).getInventory());*/
+				return;
+			}
+			catch(Exception e) //Incompatible CraftBukkit?
+			{
+				e.printStackTrace();
+				event.getPlayer().sendMessage(ChatColor.RED + "Error while executing openinv. Unsupported CraftBukkit.");
+			}
+		}
+
+		if(event.getAction() == Action.RIGHT_CLICK_BLOCK && 
+				(event.getClickedBlock() == Block.CHEST ||
 				event.getClickedBlock() == Block.FURNACE ||
-					event.getClickedBlock() == Block.DISPENSER)
+				event.getClickedBlock() == Block.DISPENSER))
 		{
 			return;
 		}
 		
+		if(event.getAction() == Action.RIGHT_CLICK_AIR || event.getAction() == Action.RIGHT_CLICK_BLOCK)
+		{
 			Player player = event.getPlayer();
 			
 			if(!(player.getItemInHand().getType() == Material.STICK)

src/plugin.yml

@@ -1,6 +1,6 @@
 name: OpenInv
 main: lishid.openinv.OpenInv
-version: 1.4.3
+version: 1.4.6
 author: lishid
 description: >
              This plugin allows you to open another player's inventory as a chest