luanti-org/luanti
1
0
Fork 0
mirror of https://github.com/luanti-org/luanti.git synced 2025-10-13 16:45:20 +02:00
Code Activity

Add mod security

Browse Source 
Due to compatibility concerns, this is temporarily disabled.
This commit is contained in:
ShadowNinja
2014-09-05 20:08:51 -04:00
parent f26421228b
commit 3a8c788880
22 changed files with 812 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
src/script/cpp_api/s_base.cpp
View File

@@ -19,6 +19,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
#include "cpp_api/s_base.h"
#include "cpp_api/s_internal.h"
#include "cpp_api/s_security.h"
#include "lua_api/l_object.h"
#include "serverobject.h"
#include "debug.h"
@@ -45,18 +46,18 @@ class ModNameStorer
private:
lua_State *L;
public:
ModNameStorer(lua_State *L_, const std::string &modname):
ModNameStorer(lua_State *L_, const std::string &mod_name):
L(L_)
{
// Store current modname in registry
lua_pushstring(L, modname.c_str());
lua_setfield(L, LUA_REGISTRYINDEX, "current_modname");
// Store current mod name in registry
lua_pushstring(L, mod_name.c_str());
lua_setfield(L, LUA_REGISTRYINDEX, SCRIPT_MOD_NAME_FIELD);
}
~ModNameStorer()
{
// Clear current modname in registry
// Clear current mod name from registry
lua_pushnil(L);
lua_setfield(L, LUA_REGISTRYINDEX, "current_modname");
lua_setfield(L, LUA_REGISTRYINDEX, SCRIPT_MOD_NAME_FIELD);
}
};
@@ -112,32 +113,31 @@ ScriptApiBase::~ScriptApiBase()
lua_close(m_luastack);
}
bool ScriptApiBase::loadMod(const std::string &scriptpath,
const std::string &modname)
bool ScriptApiBase::loadMod(const std::string &script_path,
const std::string &mod_name)
{
ModNameStorer modnamestorer(getStack(), modname);
ModNameStorer mod_name_storer(getStack(), mod_name);
if (!string_allowed(modname, MODNAME_ALLOWED_CHARS)) {
errorstream<<"Error loading mod \""<<modname
<<"\": modname does not follow naming conventions: "
<<"Only chararacters [a-z0-9_] are allowed."<<std::endl;
return false;
}
return loadScript(scriptpath);
return loadScript(script_path);
}
bool ScriptApiBase::loadScript(const std::string &scriptpath)
bool ScriptApiBase::loadScript(const std::string &script_path)
{
verbosestream<<"Loading and running script from "<<scriptpath<<std::endl;
verbosestream << "Loading and running script from " << script_path << std::endl;
lua_State *L = getStack();
int ret = luaL_loadfile(L, scriptpath.c_str()) || lua_pcall(L, 0, 0, m_errorhandler);
if (ret) {
bool ok;
if (m_secure) {
ok = ScriptApiSecurity::safeLoadFile(L, script_path.c_str());
} else {
ok = !luaL_loadfile(L, script_path.c_str());
}
ok = ok && !lua_pcall(L, 0, 0, m_errorhandler);
if (!ok) {
errorstream << "========== ERROR FROM LUA ===========" << std::endl;
errorstream << "Failed to load and run script from " << std::endl;
errorstream << scriptpath << ":" << std::endl;
errorstream << script_path << ":" << std::endl;
errorstream << std::endl;
errorstream << lua_tostring(L, -1) << std::endl;
errorstream << std::endl;