mirror of
https://github.com/AquariaOSE/Aquaria.git
synced 2024-12-24 21:55:42 +00:00
Fix problematic Lua init and add user setting to keep 'os' and 'io' functions.
From the Lua 5.1 manual: "The luaopen_* functions (to open libraries) cannot be called directly, like a regular C function. They must be called through Lua, like a Lua function." All standard tables are now loaded with luaL_openlibs(), which includes os and io. Because these are inherently unsafe, there is a new config setting: <AllowDangerousScriptFunctions on="1" /> This is disabled by default. The title screen will show a warning when the setting is on.
This commit is contained in:
parent
3db8c9e13a
commit
86d2fcebda
5 changed files with 38 additions and 9 deletions
|
@ -813,7 +813,10 @@ void loadBitForTexPrecache()
|
||||||
void DSQ::setVersionLabelText()
|
void DSQ::setVersionLabelText()
|
||||||
{
|
{
|
||||||
#ifdef AQUARIA_OVERRIDE_VERSION_STRING
|
#ifdef AQUARIA_OVERRIDE_VERSION_STRING
|
||||||
versionLabel->setText(AQUARIA_OVERRIDE_VERSION_STRING);
|
std::string overrideText = AQUARIA_OVERRIDE_VERSION_STRING;
|
||||||
|
if(user.system.allowDangerousScriptFunctions)
|
||||||
|
overrideText += continuity.stringBank.get(2050);
|
||||||
|
versionLabel->setText(overrideText);
|
||||||
return;
|
return;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -848,6 +851,9 @@ void DSQ::setVersionLabelText()
|
||||||
os << AQUARIA_CUSTOM_BUILD_ID;
|
os << AQUARIA_CUSTOM_BUILD_ID;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if(user.system.allowDangerousScriptFunctions)
|
||||||
|
os << continuity.stringBank.get(2050);
|
||||||
|
|
||||||
versionLabel->setText(os.str());
|
versionLabel->setText(os.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -907,13 +913,13 @@ This build is not yet final, and as such there are a couple things lacking. They
|
||||||
// steam gets inited in here
|
// steam gets inited in here
|
||||||
Core::init();
|
Core::init();
|
||||||
|
|
||||||
dsq->continuity.stringBank.load();
|
continuity.stringBank.load();
|
||||||
|
|
||||||
vars = &v;
|
vars = &v;
|
||||||
v.load();
|
v.load();
|
||||||
|
|
||||||
// steam callbacks are inited here
|
// steam callbacks are inited here
|
||||||
dsq->continuity.init();
|
continuity.init();
|
||||||
|
|
||||||
// do copy stuff
|
// do copy stuff
|
||||||
#ifdef BBGE_BUILD_UNIX
|
#ifdef BBGE_BUILD_UNIX
|
||||||
|
|
|
@ -60,6 +60,9 @@ bool complainOnGlobalVar = false;
|
||||||
// thread-local variable.
|
// thread-local variable.
|
||||||
bool complainOnUndefLocal = false;
|
bool complainOnUndefLocal = false;
|
||||||
|
|
||||||
|
// Set to true to make 'os' and 'io' Lua tables accessible
|
||||||
|
bool allowUnsafeFunctions = false;
|
||||||
|
|
||||||
|
|
||||||
// List of all interface functions called by C++ code, terminated by NULL.
|
// List of all interface functions called by C++ code, terminated by NULL.
|
||||||
static const char * const interfaceFunctions[] = {
|
static const char * const interfaceFunctions[] = {
|
||||||
|
@ -10650,6 +10653,8 @@ void ScriptInterface::init()
|
||||||
complainOnGlobalVar = devmode;
|
complainOnGlobalVar = devmode;
|
||||||
complainOnUndefLocal = devmode;
|
complainOnUndefLocal = devmode;
|
||||||
|
|
||||||
|
allowUnsafeFunctions = dsq->user.system.allowDangerousScriptFunctions;
|
||||||
|
|
||||||
if (!baseState)
|
if (!baseState)
|
||||||
baseState = createLuaVM();
|
baseState = createLuaVM();
|
||||||
}
|
}
|
||||||
|
@ -10669,11 +10674,15 @@ void *ScriptInterface::the_alloc(void *ud, void *ptr, size_t osize, size_t nsize
|
||||||
lua_State *ScriptInterface::createLuaVM()
|
lua_State *ScriptInterface::createLuaVM()
|
||||||
{
|
{
|
||||||
lua_State *state = lua_newstate(the_alloc, this); /* opens Lua */
|
lua_State *state = lua_newstate(the_alloc, this); /* opens Lua */
|
||||||
luaopen_base(state); /* opens the basic library */
|
luaL_openlibs(state);
|
||||||
luaopen_table(state); /* opens the table library */
|
|
||||||
luaopen_string(state); /* opens the string lib. */
|
if(!allowUnsafeFunctions)
|
||||||
luaopen_math(state); /* opens the math lib. */
|
{
|
||||||
luaopen_debug(state);
|
lua_pushnil(state);
|
||||||
|
lua_setglobal(state, "os");
|
||||||
|
lua_pushnil(state);
|
||||||
|
lua_setglobal(state, "io");
|
||||||
|
}
|
||||||
|
|
||||||
// Set up various tables for state management:
|
// Set up various tables for state management:
|
||||||
|
|
||||||
|
|
|
@ -60,6 +60,12 @@ void UserSettings::save()
|
||||||
xml_devmode.SetAttribute("on", system.devModeOn);
|
xml_devmode.SetAttribute("on", system.devModeOn);
|
||||||
}
|
}
|
||||||
xml_system.InsertEndChild(xml_devmode);
|
xml_system.InsertEndChild(xml_devmode);
|
||||||
|
|
||||||
|
TiXmlElement xml_unsafe("AllowDangerousScriptFunctions");
|
||||||
|
{
|
||||||
|
xml_unsafe.SetAttribute("on", system.allowDangerousScriptFunctions);
|
||||||
|
}
|
||||||
|
xml_system.InsertEndChild(xml_unsafe);
|
||||||
}
|
}
|
||||||
doc.InsertEndChild(xml_system);
|
doc.InsertEndChild(xml_system);
|
||||||
|
|
||||||
|
@ -382,6 +388,12 @@ void UserSettings::load(bool doApply, const std::string &overrideFile)
|
||||||
{
|
{
|
||||||
xml_devmode->Attribute("on", &system.devModeOn);
|
xml_devmode->Attribute("on", &system.devModeOn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TiXmlElement *xml_unsafe = xml_system->FirstChildElement("AllowDangerousScriptFunctions");
|
||||||
|
if (xml_unsafe)
|
||||||
|
{
|
||||||
|
xml_unsafe->Attribute("on", &system.allowDangerousScriptFunctions);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
TiXmlElement *xml_audio = doc.FirstChildElement("Audio");
|
TiXmlElement *xml_audio = doc.FirstChildElement("Audio");
|
||||||
|
|
|
@ -78,10 +78,11 @@ class UserSettings
|
||||||
public:
|
public:
|
||||||
struct System
|
struct System
|
||||||
{
|
{
|
||||||
System() { debugLogOn = 0; devModeOn = 0; }
|
System() { debugLogOn = 0; devModeOn = 0; allowDangerousScriptFunctions = 0; }
|
||||||
int debugLogOn;
|
int debugLogOn;
|
||||||
std::string locale;
|
std::string locale;
|
||||||
int devModeOn;
|
int devModeOn;
|
||||||
|
int allowDangerousScriptFunctions;
|
||||||
} system;
|
} system;
|
||||||
|
|
||||||
struct Audio
|
struct Audio
|
||||||
|
|
|
@ -208,6 +208,7 @@
|
||||||
2032 [Achievements]
|
2032 [Achievements]
|
||||||
2033 Retrieving online mod list...
|
2033 Retrieving online mod list...
|
||||||
2034 Open URL in web browser?
|
2034 Open URL in web browser?
|
||||||
|
2050 -- WARNING: Dangerous script functions are ENABLED!
|
||||||
2100 === for options menu ===
|
2100 === for options menu ===
|
||||||
2101 Action
|
2101 Action
|
||||||
2102 Key 1
|
2102 Key 1
|
||||||
|
|
Loading…
Reference in a new issue