1
0
Fork 0
mirror of https://github.com/AquariaOSE/Aquaria.git synced 2024-11-16 14:50:01 +00:00

Merge branch 'experimental' of file:///Users/User/code/coding/Aquaria_fg_clean into experimental

This commit is contained in:
fgenesis 2014-02-12 16:04:19 +00:00
commit 00c7f97ea8

View file

@ -656,6 +656,32 @@ inline float interpolateVec3(lua_State *L, InterpolatedVector& vec, int argOffs)
getBool(L, argOffs+6)); // ease getBool(L, argOffs+6)); // ease
} }
static void safePath(lua_State *L, const std::string& path)
{
// invalid characters for file/path names.
// Filter out \ as well, it'd work on on win32 only, so it's not supposed to be used.
size_t invchr = path.find_first_of("\\\":*?<>|");
if(invchr != std::string::npos)
{
lua_pushfstring(L, "Invalid char in path/file name: %c", path[invchr]);
lua_error(L);
}
// Block attempts to access files outside of the "safe area"
if(path.length())
{
if(path[0] == '/')
{
lua_pushliteral(L, "Absolute paths are not allowed");
lua_error(L);
}
if(path.find("../") != std::string::npos)
{
lua_pushliteral(L, "Accessing parent is not allowed");
lua_error(L);
}
}
}
//----------------------------------// //----------------------------------//
@ -833,6 +859,15 @@ luaFunc(loadfile_caseinsensitive)
} }
} }
luaFunc(fileExists)
{
const std::string s = getString(L);
safePath(L, s);
std::string res;
bool there = findFile_helper(s.c_str(), res);
luaReturnBool(there);
}
// ----- RenderObject common functions ----- // ----- RenderObject common functions -----
@ -8801,6 +8836,8 @@ static const struct {
{"dofile", l_dofile_caseinsensitive}, {"dofile", l_dofile_caseinsensitive},
{"loadfile", l_loadfile_caseinsensitive}, {"loadfile", l_loadfile_caseinsensitive},
luaRegister(fileExists),
luaRegister(debugBreak), luaRegister(debugBreak),
luaRegister(setIgnoreAction), luaRegister(setIgnoreAction),
luaRegister(isIgnoreAction), luaRegister(isIgnoreAction),