(security) fixed bungeecord InitialHandler username sanitizer

eaglercraftbungee/src/main/java/net/md_5/bungee/connection/InitialHandler.java

@@ -115,20 +115,25 @@ public class InitialHandler extends PacketHandler implements PendingConnection {
 		}else if(handshake.getProcolVersion() != 61) {
 			this.disconnect("minecraft 1.5.2 required for eaglercraft backdoor access");
 		}
-		if (handshake.getUsername().length() < 3) {
+		String un = handshake.getUsername();
+		if (un.length() < 3) {
 			this.disconnect("Username must be at least 3 characters");
 			return;
 		}
-		if (handshake.getUsername().length() > 16) {
+		if (un.length() > 16) {
 			this.disconnect("Cannot have username longer than 16 characters");
 			return;
 		}
+		if(!un.equals(un.replaceAll("[^A-Za-z0-9\\-_]", "_").trim())) {
+			this.disconnect("Go fuck yourself");
+			return;
+		}
 		final int limit = BungeeCord.getInstance().config.getPlayerLimit();
 		if (limit > 0 && this.bungee.getOnlineCount() > limit) {
 			this.disconnect(this.bungee.getTranslation("proxy_full"));
 			return;
 		}
-		if (!BungeeCord.getInstance().config.isOnlineMode() && this.bungee.getPlayer(handshake.getUsername()) != null) {
+		if (!BungeeCord.getInstance().config.isOnlineMode() && this.bungee.getPlayer(un) != null) {
 			this.disconnect(this.bungee.getTranslation("already_connected"));
 			return;
 		}

stable-download/java/bukkit_command/server.properties

@@ -2,7 +2,7 @@
 #Fri Dec 17 18:41:02 PST 2021
 view-distance=10
 max-build-height=256
-server-ip=
+server-ip=127.0.0.1
 level-seed=
 allow-nether=true
 server-port=25569

stable-download/java/bungee_command/config.yml

@@ -25,5 +25,5 @@ permissions:
 timeout: 30000
 servers:
   lobby:
-    address: localhost:25569
+    address: 127.0.0.1:25569
     restricted: false