mirror of
https://github.com/AquariaOSE/Aquaria.git
synced 2024-11-16 06:29:31 +00:00
Merge branch 'experimental' of file:///Users/User/code/coding/Aquaria_fg_clean into experimental
This commit is contained in:
commit
00c7f97ea8
1 changed files with 37 additions and 0 deletions
|
@ -656,6 +656,32 @@ inline float interpolateVec3(lua_State *L, InterpolatedVector& vec, int argOffs)
|
||||||
getBool(L, argOffs+6)); // ease
|
getBool(L, argOffs+6)); // ease
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void safePath(lua_State *L, const std::string& path)
|
||||||
|
{
|
||||||
|
// invalid characters for file/path names.
|
||||||
|
// Filter out \ as well, it'd work on on win32 only, so it's not supposed to be used.
|
||||||
|
size_t invchr = path.find_first_of("\\\":*?<>|");
|
||||||
|
if(invchr != std::string::npos)
|
||||||
|
{
|
||||||
|
lua_pushfstring(L, "Invalid char in path/file name: %c", path[invchr]);
|
||||||
|
lua_error(L);
|
||||||
|
}
|
||||||
|
// Block attempts to access files outside of the "safe area"
|
||||||
|
if(path.length())
|
||||||
|
{
|
||||||
|
if(path[0] == '/')
|
||||||
|
{
|
||||||
|
lua_pushliteral(L, "Absolute paths are not allowed");
|
||||||
|
lua_error(L);
|
||||||
|
}
|
||||||
|
if(path.find("../") != std::string::npos)
|
||||||
|
{
|
||||||
|
lua_pushliteral(L, "Accessing parent is not allowed");
|
||||||
|
lua_error(L);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
//----------------------------------//
|
//----------------------------------//
|
||||||
|
|
||||||
|
@ -833,6 +859,15 @@ luaFunc(loadfile_caseinsensitive)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
luaFunc(fileExists)
|
||||||
|
{
|
||||||
|
const std::string s = getString(L);
|
||||||
|
safePath(L, s);
|
||||||
|
std::string res;
|
||||||
|
bool there = findFile_helper(s.c_str(), res);
|
||||||
|
luaReturnBool(there);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// ----- RenderObject common functions -----
|
// ----- RenderObject common functions -----
|
||||||
|
@ -8801,6 +8836,8 @@ static const struct {
|
||||||
{"dofile", l_dofile_caseinsensitive},
|
{"dofile", l_dofile_caseinsensitive},
|
||||||
{"loadfile", l_loadfile_caseinsensitive},
|
{"loadfile", l_loadfile_caseinsensitive},
|
||||||
|
|
||||||
|
luaRegister(fileExists),
|
||||||
|
|
||||||
luaRegister(debugBreak),
|
luaRegister(debugBreak),
|
||||||
luaRegister(setIgnoreAction),
|
luaRegister(setIgnoreAction),
|
||||||
luaRegister(isIgnoreAction),
|
luaRegister(isIgnoreAction),
|
||||||
|
|
Loading…
Reference in a new issue