mirror of https://github.com/AquariaOSE/Aquaria.git synced 2024-12-24 21:55:42 +00:00

Fix problematic Lua init and add user setting to keep 'os' and 'io' functions.

From the Lua 5.1 manual:
"The luaopen_* functions (to open libraries) cannot be called directly,
like a regular C function. They must be called through Lua,
like a Lua function."

All standard tables are now loaded with luaL_openlibs(), which includes os and io.
Because these are inherently unsafe, there is a new config setting:
<AllowDangerousScriptFunctions on="1" />
This is disabled by default.
The title screen will show a warning when the setting is on.
fgenesis 2014-05-16 01:03:54 +02:00
parent 3db8c9e13a
commit 86d2fcebda
5 changed files with 38 additions and 9 deletions


@ -813,7 +813,10 @@ void loadBitForTexPrecache()
void DSQ::setVersionLabelText() void DSQ::setVersionLabelText()
{ {
#ifdef AQUARIA_OVERRIDE_VERSION_STRING #ifdef AQUARIA_OVERRIDE_VERSION_STRING
versionLabel->setText(AQUARIA_OVERRIDE_VERSION_STRING); std::string overrideText = AQUARIA_OVERRIDE_VERSION_STRING;
if(user.system.allowDangerousScriptFunctions)
overrideText += continuity.stringBank.get(2050);
versionLabel->setText(overrideText);
return; return;
#endif #endif
@ -848,6 +851,9 @@ void DSQ::setVersionLabelText()
os << AQUARIA_CUSTOM_BUILD_ID; os << AQUARIA_CUSTOM_BUILD_ID;
#endif #endif
if(user.system.allowDangerousScriptFunctions)
os << continuity.stringBank.get(2050);
versionLabel->setText(os.str()); versionLabel->setText(os.str());
} }
@ -907,13 +913,13 @@ This build is not yet final, and as such there are a couple things lacking. They
// steam gets inited in here // steam gets inited in here
Core::init(); Core::init();
dsq->continuity.stringBank.load(); continuity.stringBank.load();
vars = &v; vars = &v;
v.load(); v.load();
// steam callbacks are inited here // steam callbacks are inited here
dsq->continuity.init(); continuity.init();
// do copy stuff // do copy stuff
#ifdef BBGE_BUILD_UNIX #ifdef BBGE_BUILD_UNIX
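Review bot: The warning appended in setVersionLabelText() is the only on-screen sign that the os/io libraries are enabled, and both places take its text from `continuity.stringBank.get(2050)`. What get() returns for a missing id is not visible here; if a translated string bank lacks entry 2050 the label may show nothing, so a hard-coded fallback is worth adding, e.g. `const std::string warn = continuity.stringBank.get(2050);` followed by `if (warn.empty()) { /* append the English warning text instead */ }`. The function body runs between the first two hunks and is only partly shown.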


@ -60,6 +60,9 @@ bool complainOnGlobalVar = false;
// thread-local variable. // thread-local variable.
bool complainOnUndefLocal = false; bool complainOnUndefLocal = false;
// Set to true to make 'os' and 'io' Lua tables accessible
bool allowUnsafeFunctions = false;
// List of all interface functions called by C++ code, terminated by NULL. // List of all interface functions called by C++ code, terminated by NULL.
static const char * const interfaceFunctions[] = { static const char * const interfaceFunctions[] = {
@ -10650,6 +10653,8 @@ void ScriptInterface::init()
complainOnGlobalVar = devmode; complainOnGlobalVar = devmode;
complainOnUndefLocal = devmode; complainOnUndefLocal = devmode;
allowUnsafeFunctions = dsq->user.system.allowDangerousScriptFunctions;
if (!baseState) if (!baseState)
baseState = createLuaVM(); baseState = createLuaVM();
} }
@ -10669,11 +10674,15 @@ void *ScriptInterface::the_alloc(void *ud, void *ptr, size_t osize, size_t nsize
lua_State *ScriptInterface::createLuaVM() lua_State *ScriptInterface::createLuaVM()
{ {
lua_State *state = lua_newstate(the_alloc, this); /* opens Lua */ lua_State *state = lua_newstate(the_alloc, this); /* opens Lua */
luaopen_base(state); /* opens the basic library */ luaL_openlibs(state);
luaopen_table(state); /* opens the table library */
luaopen_string(state); /* opens the string lib. */ if(!allowUnsafeFunctions)
luaopen_math(state); /* opens the math lib. */ {
luaopen_debug(state); lua_pushnil(state);
lua_setglobal(state, "os");
lua_pushnil(state);
lua_setglobal(state, "io");
}
// Set up various tables for state management: // Set up various tables for state management:
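Review bot: Clearing the `os` and `io` globals after `luaL_openlibs(state)` in createLuaVM() does not take those libraries away from scripts. luaL_openlibs also opens the `package` library, which the removed code never loaded, so `require`, `package.loaded` and `package.loadlib` are now present even with the setting off, and the os/io tables stay registered as loaded modules. With the default setting the VM is therefore less restricted than it was before the commit. Opening only the wanted libraries, each through `lua_call` as the manual asks, and adding os/io only when `allowUnsafeFunctions` is set keeps them out of the state altogether. createLuaVM() continues past the end of the hunk, so any later cleanup there is not visible here.

```cpp
lua_State *state = lua_newstate(the_alloc, this);	/* opens Lua */

// Open each library through Lua, and load os/io only on opt-in so that
// they are never registered in the state when the setting is off.
static const luaL_Reg safeLibs[] = {
	{ "",              luaopen_base },
	{ LUA_TABLIBNAME,  luaopen_table },
	{ LUA_STRLIBNAME,  luaopen_string },
	{ LUA_MATHLIBNAME, luaopen_math },
	{ LUA_DBLIBNAME,   luaopen_debug },
	{ NULL, NULL }
};
static const luaL_Reg unsafeLibs[] = {
	{ LUA_OSLIBNAME, luaopen_os },
	{ LUA_IOLIBNAME, luaopen_io },
	{ NULL, NULL }
};
for (const luaL_Reg *lib = safeLibs; lib->func; ++lib)
{
	lua_pushcfunction(state, lib->func);
	lua_pushstring(state, lib->name);
	lua_call(state, 1, 0);
}
if (allowUnsafeFunctions)
{
	for (const luaL_Reg *lib = unsafeLibs; lib->func; ++lib)
	{
		lua_pushcfunction(state, lib->func);
		lua_pushstring(state, lib->name);
		lua_call(state, 1, 0);
	}
}
// … unchanged: state-management table setup …
```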


@ -60,6 +60,12 @@ void UserSettings::save()
xml_devmode.SetAttribute("on", system.devModeOn); xml_devmode.SetAttribute("on", system.devModeOn);
} }
xml_system.InsertEndChild(xml_devmode); xml_system.InsertEndChild(xml_devmode);
TiXmlElement xml_unsafe("AllowDangerousScriptFunctions");
{
xml_unsafe.SetAttribute("on", system.allowDangerousScriptFunctions);
}
xml_system.InsertEndChild(xml_unsafe);
} }
doc.InsertEndChild(xml_system); doc.InsertEndChild(xml_system);
@ -382,6 +388,12 @@ void UserSettings::load(bool doApply, const std::string &overrideFile)
{ {
xml_devmode->Attribute("on", &system.devModeOn); xml_devmode->Attribute("on", &system.devModeOn);
} }
TiXmlElement *xml_unsafe = xml_system->FirstChildElement("AllowDangerousScriptFunctions");
if (xml_unsafe)
{
xml_unsafe->Attribute("on", &system.allowDangerousScriptFunctions);
}
} }
TiXmlElement *xml_audio = doc.FirstChildElement("Audio"); TiXmlElement *xml_audio = doc.FirstChildElement("Audio");
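Review bot: UserSettings::load() reads `AllowDangerousScriptFunctions` from whatever file it parses, including one named by the `overrideFile` argument, so any settings file loaded this way can turn the os/io libraries on. Where override files come from is not visible in this hunk; if they can originate anywhere other than the user's own configuration, the flag should be honoured only for the main settings file, e.g. `if (xml_unsafe && overrideFile.empty())`, assuming an empty `overrideFile` means the default file. The attribute is parsed as an int and any non-zero value enables it, so a comment such as `// security-sensitive: enables the os/io Lua libraries, off by default` above the read would help the next reader. Both save() and load() start and end outside the hunks shown.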


@ -78,10 +78,11 @@ class UserSettings
public: public:
struct System struct System
{ {
System() { debugLogOn = 0; devModeOn = 0; } System() { debugLogOn = 0; devModeOn = 0; allowDangerousScriptFunctions = 0; }
int debugLogOn; int debugLogOn;
std::string locale; std::string locale;
int devModeOn; int devModeOn;
int allowDangerousScriptFunctions;
} system; } system;
struct Audio struct Audio


@ -208,6 +208,7 @@
2032 [Achievements] 2032 [Achievements]
2033 Retrieving online mod list... 2033 Retrieving online mod list...
2034 Open URL in web browser? 2034 Open URL in web browser?
2050 -- WARNING: Dangerous script functions are ENABLED!
2100 === for options menu === 2100 === for options menu ===
2101 Action 2101 Action
2102 Key 1 2102 Key 1