Player coordinate leak on teleport

When player#1 teleports far away from player#2, the server will send a teleport packet including player#1's location to player#2. Modified clients can use this to track where the player went.

 

On servers with plugins this can become a bit of a problem if player#1 teleports to a secret home base or whatever and player#2 shouldn't be in on it.

 

The cause:

I will be using spigot mappings to describe code below. The code is free of spigot/craftbukkit changes. I also have a fix.

 

The following is a paste of what appears to be the "tick trackers" method in PlayerChunkMap:

https://gist.github.com/Spottedleaf/fc9c04005a737274ee9c4cfce9297e2f

 

I've commented areas important.

 

The key point is that even though the entity tracker is re-tracked on entity position changes (see first update players comment), it doesn't actually matter at that stage since the updatePlayer() method in EntityTracker only checks distance against the location contained in the tracker entry. So it will keep player#2 tracking player#1. From there the tracker entry tick/update method is called after; causing a teleport packet to be broadcasted to player#2.

 

The fix I've found to work is to simply use the actual position of the tracked entity. I don't see any risks of doing that.

 

The patch is below:

https://gist.github.com/Spottedleaf/d4129691d728be7b0ce292375f8d86d8