mirror of
https://github.com/AquariaOSE/Aquaria.git
synced 2024-12-24 13:45:47 +00:00
Fix problematic Lua init and add user setting to keep 'os' and 'io' functions.
From the Lua 5.1 manual: "The luaopen_* functions (to open libraries) cannot be called directly, like a regular C function. They must be called through Lua, like a Lua function." All standard tables are now loaded with luaL_openlibs(), which includes os and io. Because these are inherently unsafe, there is a new config setting: <AllowDangerousScriptFunctions on="1" /> This is disabled by default. The title screen will show a warning when the setting is on.
This commit is contained in:
parent
3db8c9e13a
commit
86d2fcebda
5 changed files with 38 additions and 9 deletions
|
@ -813,7 +813,10 @@ void loadBitForTexPrecache()
|
|||
void DSQ::setVersionLabelText()
|
||||
{
|
||||
#ifdef AQUARIA_OVERRIDE_VERSION_STRING
|
||||
versionLabel->setText(AQUARIA_OVERRIDE_VERSION_STRING);
|
||||
std::string overrideText = AQUARIA_OVERRIDE_VERSION_STRING;
|
||||
if(user.system.allowDangerousScriptFunctions)
|
||||
overrideText += continuity.stringBank.get(2050);
|
||||
versionLabel->setText(overrideText);
|
||||
return;
|
||||
#endif
|
||||
|
||||
|
@ -848,6 +851,9 @@ void DSQ::setVersionLabelText()
|
|||
os << AQUARIA_CUSTOM_BUILD_ID;
|
||||
#endif
|
||||
|
||||
if(user.system.allowDangerousScriptFunctions)
|
||||
os << continuity.stringBank.get(2050);
|
||||
|
||||
versionLabel->setText(os.str());
|
||||
}
|
||||
|
||||
|
@ -907,13 +913,13 @@ This build is not yet final, and as such there are a couple things lacking. They
|
|||
// steam gets inited in here
|
||||
Core::init();
|
||||
|
||||
dsq->continuity.stringBank.load();
|
||||
continuity.stringBank.load();
|
||||
|
||||
vars = &v;
|
||||
v.load();
|
||||
|
||||
// steam callbacks are inited here
|
||||
dsq->continuity.init();
|
||||
continuity.init();
|
||||
|
||||
// do copy stuff
|
||||
#ifdef BBGE_BUILD_UNIX
|
||||
|
|
|
@ -60,6 +60,9 @@ bool complainOnGlobalVar = false;
|
|||
// thread-local variable.
|
||||
bool complainOnUndefLocal = false;
|
||||
|
||||
// Set to true to make 'os' and 'io' Lua tables accessible
|
||||
bool allowUnsafeFunctions = false;
|
||||
|
||||
|
||||
// List of all interface functions called by C++ code, terminated by NULL.
|
||||
static const char * const interfaceFunctions[] = {
|
||||
|
@ -10650,6 +10653,8 @@ void ScriptInterface::init()
|
|||
complainOnGlobalVar = devmode;
|
||||
complainOnUndefLocal = devmode;
|
||||
|
||||
allowUnsafeFunctions = dsq->user.system.allowDangerousScriptFunctions;
|
||||
|
||||
if (!baseState)
|
||||
baseState = createLuaVM();
|
||||
}
|
||||
|
@ -10669,11 +10674,15 @@ void *ScriptInterface::the_alloc(void *ud, void *ptr, size_t osize, size_t nsize
|
|||
lua_State *ScriptInterface::createLuaVM()
|
||||
{
|
||||
lua_State *state = lua_newstate(the_alloc, this); /* opens Lua */
|
||||
luaopen_base(state); /* opens the basic library */
|
||||
luaopen_table(state); /* opens the table library */
|
||||
luaopen_string(state); /* opens the string lib. */
|
||||
luaopen_math(state); /* opens the math lib. */
|
||||
luaopen_debug(state);
|
||||
luaL_openlibs(state);
|
||||
|
||||
if(!allowUnsafeFunctions)
|
||||
{
|
||||
lua_pushnil(state);
|
||||
lua_setglobal(state, "os");
|
||||
lua_pushnil(state);
|
||||
lua_setglobal(state, "io");
|
||||
}
|
||||
|
||||
// Set up various tables for state management:
|
||||
|
||||
|
|
|
@ -60,6 +60,12 @@ void UserSettings::save()
|
|||
xml_devmode.SetAttribute("on", system.devModeOn);
|
||||
}
|
||||
xml_system.InsertEndChild(xml_devmode);
|
||||
|
||||
TiXmlElement xml_unsafe("AllowDangerousScriptFunctions");
|
||||
{
|
||||
xml_unsafe.SetAttribute("on", system.allowDangerousScriptFunctions);
|
||||
}
|
||||
xml_system.InsertEndChild(xml_unsafe);
|
||||
}
|
||||
doc.InsertEndChild(xml_system);
|
||||
|
||||
|
@ -382,6 +388,12 @@ void UserSettings::load(bool doApply, const std::string &overrideFile)
|
|||
{
|
||||
xml_devmode->Attribute("on", &system.devModeOn);
|
||||
}
|
||||
|
||||
TiXmlElement *xml_unsafe = xml_system->FirstChildElement("AllowDangerousScriptFunctions");
|
||||
if (xml_unsafe)
|
||||
{
|
||||
xml_unsafe->Attribute("on", &system.allowDangerousScriptFunctions);
|
||||
}
|
||||
}
|
||||
|
||||
TiXmlElement *xml_audio = doc.FirstChildElement("Audio");
|
||||
|
|
|
@ -78,10 +78,11 @@ class UserSettings
|
|||
public:
|
||||
struct System
|
||||
{
|
||||
System() { debugLogOn = 0; devModeOn = 0; }
|
||||
System() { debugLogOn = 0; devModeOn = 0; allowDangerousScriptFunctions = 0; }
|
||||
int debugLogOn;
|
||||
std::string locale;
|
||||
int devModeOn;
|
||||
int allowDangerousScriptFunctions;
|
||||
} system;
|
||||
|
||||
struct Audio
|
||||
|
|
|
@ -208,6 +208,7 @@
|
|||
2032 [Achievements]
|
||||
2033 Retrieving online mod list...
|
||||
2034 Open URL in web browser?
|
||||
2050 -- WARNING: Dangerous script functions are ENABLED!
|
||||
2100 === for options menu ===
|
||||
2101 Action
|
||||
2102 Key 1
|
||||
|
|
Loading…
Reference in a new issue