aboutsummaryrefslogtreecommitdiff
path: root/src/script/cpp_api/s_security.cpp
AgeCommit message (Collapse)Author
2016-12-20Security: Fix resolving of some relative pathsShadowNinja
Trying to resolve a path with RemoveRelativePathComponents that can't be resolved without leaving leading parent components (e.g. "../worlds/foo" or "bar/../../worlds/foo") will fail. To work around this, we leave the relative components and simply remove the trailing components one at a time, and bail out when we find a parent component. This will still fail for paths like "worlds/foo/noexist/../auth.txt" (the path before the last parent component must not exist), but this is fine since you won't be able to open a file with a path like that anyways (the O.S. will determine that the path doesn't exist. Try `cat /a/../etc/passwd`).
2016-12-20Mod security: Allow read-only access to all mod pathsShadowNinja
2016-11-24Fix secure io.linesShadowNinja
It used to drop all of the return values from the insecure version of the function.
2016-11-24Fix secure io.open without modeShadowNinja
2016-11-05Fix memory leak in ::safeLoadFile (#4730)Zeno-
2016-08-10couple of memory leaks fixes.David Carlier
2016-05-30Remove unused code in s_security.cpp (#4172)Zeno-
Note that the macro CHECK_FILE_ERR implements the code removed
2016-03-03Remove debug.getupvalue from the Lua sandbox whitelistShadowNinja
This function could be used to steal insecure environments from trusted mods.
2015-08-27Use numeric indices and raw table access with LUA_REGISTRYINDEXKahrl
2015-06-12dofile error reporting for syntax errorsest31
According to doc, dofile() raises an error when parsing failed due to syntax errors. Fixes #2775
2015-05-22Fix Windows build, clean up included headersSmallJoker
Also fix a startup error caused by s_security.cpp
2015-05-16Add mod securityShadowNinja
Due to compatibility concerns, this is temporarily disabled.
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-22 11:22:21 +0000