aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorsfan5 <sfan5@live.de>2020-03-05 22:03:04 +0100
committerGitHub <noreply@github.com>2020-03-05 22:03:04 +0100
commit8d6a0b917ce1e7f4f1017835af0ca76e79c98c38 (patch)
tree70bf61852c2f7efcb5c9620af6f60a7fb077516e /doc
parentef09e8a4d6671f5bfac7b6234fbe52c4b836c2be (diff)
downloadminetest-8d6a0b917ce1e7f4f1017835af0ca76e79c98c38.tar.gz
minetest-8d6a0b917ce1e7f4f1017835af0ca76e79c98c38.tar.bz2
minetest-8d6a0b917ce1e7f4f1017835af0ca76e79c98c38.zip
Fix potential security issue(s), documentation on minetest.deserialize() (#9369)
Also adds an unittest
Diffstat (limited to 'doc')
-rw-r--r--doc/lua_api.txt12
1 files changed, 9 insertions, 3 deletions
diff --git a/doc/lua_api.txt b/doc/lua_api.txt
index 10ede5168..acf2f77c1 100644
--- a/doc/lua_api.txt
+++ b/doc/lua_api.txt
@@ -5275,10 +5275,16 @@ Misc.
* Convert a table containing tables, strings, numbers, booleans and `nil`s
into string form readable by `minetest.deserialize`
* Example: `serialize({foo='bar'})`, returns `'return { ["foo"] = "bar" }'`
-* `minetest.deserialize(string)`: returns a table
- * Convert a string returned by `minetest.deserialize` into a table
+* `minetest.deserialize(string[, safe])`: returns a table
+ * Convert a string returned by `minetest.serialize` into a table
* `string` is loaded in an empty sandbox environment.
- * Will load functions, but they cannot access the global environment.
+ * Will load functions if safe is false or omitted. Although these functions
+ cannot directly access the global environment, they could bypass this
+ restriction with maliciously crafted Lua bytecode if mod security is
+ disabled.
+ * This function should not be used on untrusted data, regardless of the
+ value of `safe`. It is fine to serialize then deserialize user-provided
+ data, but directly providing user input to deserialize is always unsafe.
* Example: `deserialize('return { ["foo"] = "bar" }')`,
returns `{foo='bar'}`
* Example: `deserialize('print("foo")')`, returns `nil`