Time stamp format, to/from messages, etc.

In servers with a creative world this can allow players to bring hacked books with impossible enchants into the server.
By getting a written book with enchants (for example, looting 255) in a creative world, you can /post this to yourself (or others) and quickly go to the survival world to get it.

This can be remedied by denying /post permissions in creative worlds/gamemodes if the permission plugin has this functionality, but I'm of the opinion that the plugin could deal with this too.

I think the ideal solution here is to have a permission that strips the enchants of the book if it isn't set. This can be done with https://hub.spigotmc.org/javadocs/spigot/org/bukkit/inventory/meta/ItemMeta.html#hasEnchants() and https://hub.spigotmc.org/javadocs/spigot/org/bukkit/inventory/meta/ItemMeta.html#removeEnchant(org.bukkit.enchantments.Enchantment)

Describe the bug
Postmen can be infinitely spawned and will not despawn.

Steps to reproduce

1. Send a letter to yourself or receive a letter from someone else
2. Do /unread to summon the postman
3. Relog
4. The postman will now be invincible and will never despawn.

I’m using CourierNew on the server, but when someone tries to log in while holding the book, the message ‘you do not have permission to use this command’ appears instead, and the player can’t log in. Can you help me? The name of the login plugin is OpeNLogin.

Hi, I am using a spigot 1.14.2 server and some of the players can receive but some can't because the command says "They do not exist" even though they very well do. I tried looking it up on other places to try and find a quick similar fix but I have been unable to find similar problems. I was wondering if there was a way to send letters to these players using either their UUID or if there was another easy fix I could tell others to do when sending letters to the unable to receive players.
Thank you!

(If you need any more issues please feel free to let me know)

Is possible add 1.8 support?, thank you!

As it is, the send method dangerously relies on non-malicious item metadata being passed through it. This is supposed to be prevented through the letter checker, but the way this check is handled means that currently, letters with things like attributes, custom lore, custom display names, et cetera can be sent. Because of Minecraft being a game that receives frequent updates, more kinds of abusable item metadata being added in the future is likely, meaning that using the letter checker to manually go through all of this metadata becomes tedious and difficult to maintain.

Instead, sending a letter should create a new letter ItemStack that only takes exactly the metadata that it needs from the letter the player is sending, which in this case is the book author and the book's contents. All other metadata should be added to that ItemStack at the time that it's sent, rather than adding it to a letter during its creation, as to ensure that letters do not have player-modified metadata.

In essence, how the send method should look:

• Verify that a letter is being sent by its original creator through the letter check
• Create a new ItemStack that takes the page and author data directly from the sender's original item*
• Apply lore and title based on the contents of the letter, the letter's recipients, the letter author, and the current date and time (and any other metadata that's used, but this is all that comes to mind right now)
• Send letter

*We know that the author is valid based on step 1. Validating page content for things like exploits is outside the scope of this issue, but should be investigated (as an example, I know there used to be books that ran commands if you clicked them -- should see if they are still possible).

Hey, my server got a problem. We disabled Villagers so they aren't able to spawn. Would it be possible to change the mob type? I'd love it

Greetings

The check does not also test who owns the courier. It should check for one of the players own couriers. Otherwise, a different player will never get their courier and the logic to spawn it again will not run. Also move these checks to the canSpawn function.