diff --git a/Aquaria/DSQ.cpp b/Aquaria/DSQ.cpp index f090384..61a14b8 100644 --- a/Aquaria/DSQ.cpp +++ b/Aquaria/DSQ.cpp @@ -813,7 +813,10 @@ void loadBitForTexPrecache() void DSQ::setVersionLabelText() { #ifdef AQUARIA_OVERRIDE_VERSION_STRING - versionLabel->setText(AQUARIA_OVERRIDE_VERSION_STRING); + std::string overrideText = AQUARIA_OVERRIDE_VERSION_STRING; + if(user.system.allowDangerousScriptFunctions) + overrideText += continuity.stringBank.get(2050); + versionLabel->setText(overrideText); return; #endif @@ -848,6 +851,9 @@ void DSQ::setVersionLabelText() os << AQUARIA_CUSTOM_BUILD_ID; #endif + if(user.system.allowDangerousScriptFunctions) + os << continuity.stringBank.get(2050); + versionLabel->setText(os.str()); } @@ -907,13 +913,13 @@ This build is not yet final, and as such there are a couple things lacking. They // steam gets inited in here Core::init(); - dsq->continuity.stringBank.load(); + continuity.stringBank.load(); vars = &v; v.load(); // steam callbacks are inited here - dsq->continuity.init(); + continuity.init(); // do copy stuff #ifdef BBGE_BUILD_UNIX diff --git a/Aquaria/ScriptInterface.cpp b/Aquaria/ScriptInterface.cpp index 07e49b8..45cdebc 100644 --- a/Aquaria/ScriptInterface.cpp +++ b/Aquaria/ScriptInterface.cpp @@ -60,6 +60,9 @@ bool complainOnGlobalVar = false; // thread-local variable. bool complainOnUndefLocal = false; +// Set to true to make 'os' and 'io' Lua tables accessible +bool allowUnsafeFunctions = false; + // List of all interface functions called by C++ code, terminated by NULL. static const char * const interfaceFunctions[] = { @@ -10650,6 +10653,8 @@ void ScriptInterface::init() complainOnGlobalVar = devmode; complainOnUndefLocal = devmode; + allowUnsafeFunctions = dsq->user.system.allowDangerousScriptFunctions; + if (!baseState) baseState = createLuaVM(); } @@ -10669,11 +10674,15 @@ void *ScriptInterface::the_alloc(void *ud, void *ptr, size_t osize, size_t nsize lua_State *ScriptInterface::createLuaVM() { lua_State *state = lua_newstate(the_alloc, this); /* opens Lua */ - luaopen_base(state); /* opens the basic library */ - luaopen_table(state); /* opens the table library */ - luaopen_string(state); /* opens the string lib. */ - luaopen_math(state); /* opens the math lib. */ - luaopen_debug(state); + luaL_openlibs(state); + + if(!allowUnsafeFunctions) + { + lua_pushnil(state); + lua_setglobal(state, "os"); + lua_pushnil(state); + lua_setglobal(state, "io"); + } // Set up various tables for state management: diff --git a/Aquaria/UserSettings.cpp b/Aquaria/UserSettings.cpp index d97dc23..771c40f 100644 --- a/Aquaria/UserSettings.cpp +++ b/Aquaria/UserSettings.cpp @@ -60,6 +60,12 @@ void UserSettings::save() xml_devmode.SetAttribute("on", system.devModeOn); } xml_system.InsertEndChild(xml_devmode); + + TiXmlElement xml_unsafe("AllowDangerousScriptFunctions"); + { + xml_unsafe.SetAttribute("on", system.allowDangerousScriptFunctions); + } + xml_system.InsertEndChild(xml_unsafe); } doc.InsertEndChild(xml_system); @@ -382,6 +388,12 @@ void UserSettings::load(bool doApply, const std::string &overrideFile) { xml_devmode->Attribute("on", &system.devModeOn); } + + TiXmlElement *xml_unsafe = xml_system->FirstChildElement("AllowDangerousScriptFunctions"); + if (xml_unsafe) + { + xml_unsafe->Attribute("on", &system.allowDangerousScriptFunctions); + } } TiXmlElement *xml_audio = doc.FirstChildElement("Audio"); diff --git a/Aquaria/UserSettings.h b/Aquaria/UserSettings.h index c6b0c22..cdd19f4 100644 --- a/Aquaria/UserSettings.h +++ b/Aquaria/UserSettings.h @@ -78,10 +78,11 @@ class UserSettings public: struct System { - System() { debugLogOn = 0; devModeOn = 0; } + System() { debugLogOn = 0; devModeOn = 0; allowDangerousScriptFunctions = 0; } int debugLogOn; std::string locale; int devModeOn; + int allowDangerousScriptFunctions; } system; struct Audio diff --git a/files/data/stringbank.txt b/files/data/stringbank.txt index 532bc5a..dc2e690 100644 --- a/files/data/stringbank.txt +++ b/files/data/stringbank.txt @@ -208,6 +208,7 @@ 2032 [Achievements] 2033 Retrieving online mod list... 2034 Open URL in web browser? +2050 -- WARNING: Dangerous script functions are ENABLED! 2100 === for options menu === 2101 Action 2102 Key 1