luanti-org/luanti
1
0
Fork 0
mirror of https://github.com/luanti-org/luanti.git synced 2025-10-14 09:05:19 +02:00
Code Activity

Fix script security path normalization in presence of links (#15481)

Browse Source
This commit is contained in:
sfan5
2024-12-03 16:51:34 +01:00
committed by GitHub
parent e9080f91f2
commit a4d1b5b155
7 changed files with 112 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/script/scripting_mainmenu.cpp
View File

@@ -76,10 +76,11 @@ void MainMenuScripting::registerLuaClasses(lua_State *L, int top)
bool MainMenuScripting::mayModifyPath(const std::string &path)
{
if (fs::PathStartsWith(path, fs::TempPath()))
std::string path_temp = fs::AbsolutePathPartial(fs::TempPath());
if (fs::PathStartsWith(path, path_temp))
return true;
std::string path_user = fs::RemoveRelativePathComponents(porting::path_user);
std::string path_user = fs::AbsolutePathPartial(porting::path_user);
if (fs::PathStartsWith(path, path_user + DIR_DELIM "client"))
return true;
@@ -92,7 +93,7 @@ bool MainMenuScripting::mayModifyPath(const std::string &path)
if (fs::PathStartsWith(path, path_user + DIR_DELIM "worlds"))
return true;
if (fs::PathStartsWith(path, fs::RemoveRelativePathComponents(porting::path_cache)))
if (fs::PathStartsWith(path, fs::AbsolutePathPartial(porting::path_cache)))
return true;
return false;