diff options
author | sfan5 <sfan5@live.de> | 2021-12-17 18:31:29 +0100 |
---|---|---|
committer | sfan5 <sfan5@live.de> | 2021-12-18 20:37:13 +0100 |
commit | 8c99f2232bdb52459ccf2a5b751cbe3f7797abc3 (patch) | |
tree | 2078e91dedcd2112e6644fc53e45f32a0b7281fe /builtin/game | |
parent | 8472141b79c25092c90dea24aa873bd7ff792142 (diff) | |
download | minetest-8c99f2232bdb52459ccf2a5b751cbe3f7797abc3.tar.gz minetest-8c99f2232bdb52459ccf2a5b751cbe3f7797abc3.tar.bz2 minetest-8c99f2232bdb52459ccf2a5b751cbe3f7797abc3.zip |
Don't let HTTP API pass through untrusted function
This has been a problem since the first day, oops.
Diffstat (limited to 'builtin/game')
-rw-r--r-- | builtin/game/misc.lua | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/builtin/game/misc.lua b/builtin/game/misc.lua index ef826eda7..e86efc50c 100644 --- a/builtin/game/misc.lua +++ b/builtin/game/misc.lua @@ -250,7 +250,7 @@ end -- HTTP callback interface -function core.http_add_fetch(httpenv) +core.set_http_api_lua(function(httpenv) httpenv.fetch = function(req, callback) local handle = httpenv.fetch_async(req) @@ -266,7 +266,8 @@ function core.http_add_fetch(httpenv) end return httpenv -end +end) +core.set_http_api_lua = nil function core.close_formspec(player_name, formname) |