minetest/minetest
1
0
Fork 0
mirror of https://github.com/minetest/minetest.git synced 2025-07-01 15:40:23 +02:00
Code Issues Releases Wiki Activity

Don't let HTTP API pass through untrusted function

Browse Source 
This has been a problem since the first day, oops.
This commit is contained in:
sfan5
2021-12-17 18:31:29 +01:00
parent 8472141b79
commit 8c99f2232b
4 changed files with 27 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
builtin/game/misc.lua
View File

@ -250,7 +250,7 @@ end
-- HTTP callback interface
function core.http_add_fetch(httpenv)
core.set_http_api_lua(function(httpenv)
httpenv.fetch = function(req, callback)
local handle = httpenv.fetch_async(req)
@ -266,7 +266,8 @@ function core.http_add_fetch(httpenv)
end
return httpenv
end
end)
core.set_http_api_lua = nil
function core.close_formspec(player_name, formname)