From a77c1e4c508741d3aebfa3b7519e44b575f76a74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gabriel=20P=C3=A9rez-Cerezo?= <gabriel@gpcf.eu>
Date: Sun, 8 Nov 2020 22:01:35 +0100
Subject: Security: forbid unauthorized access to inventories using CSM

---
 init.lua | 45 +++++++++++++++++++++++++++++++++++----------
 mod.conf |  3 +++
 2 files changed, 38 insertions(+), 10 deletions(-)
 create mode 100644 mod.conf

diff --git a/init.lua b/init.lua
index d14d309..71ac177 100644
--- a/init.lua
+++ b/init.lua
@@ -62,12 +62,12 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
 	if fields.unrent then
 	   local pos = minetest.string_to_pos(formname:sub(17))
 	   local meta = minetest.get_meta(pos)
-	   local inv = meta:get_inventory()
-	   if inv:is_empty("mailbox") then
+		local inv = meta:get_inventory()
+		if inv:is_empty("mailbox") then
 	      mailbox.unrent(pos, player)
-	   else
+		else
 	      minetest.chat_send_player(player:get_player_name(), "Your mailbox is not empty!")
-	   end
+		end
 	end
 	if fields.books_only then
 		local pos = minetest.string_to_pos(formname:sub(17))
@@ -93,6 +93,7 @@ mailbox.after_place_node = function(pos, placer, _)
 	local inv = meta:get_inventory()
 	inv:set_size("mailbox", 8*4)
 	inv:set_size("drop", 1)
+
 end
 
 mailbox.on_rightclick_free = function(pos, _, clicker, _)
@@ -138,13 +139,14 @@ mailbox.can_dig = function(pos, player)
 end
 
 mailbox.on_metadata_inventory_put = function(pos, listname, index, stack, player)
-	if listname == "drop" then
-		local inv = minetest.get_meta(pos):get_inventory()
-		if inv:room_for_item("mailbox", stack) then
+	local meta = minetest.get_meta(pos)
+   if listname == "drop" then
+      local inv = meta:get_inventory()
+      if inv:room_for_item("mailbox", stack) then
 			inv:remove_item("drop", stack)
 			inv:add_item("mailbox", stack)
-		end
-	end
+      end
+   end
 end
 
 mailbox.allow_metadata_inventory_put = function(pos, listname, index, stack, player)
@@ -155,6 +157,7 @@ mailbox.allow_metadata_inventory_put = function(pos, listname, index, stack, pla
 		end
 
 		local meta = minetest.get_meta(pos)
+		local owner = meta:get_string("owner")
 		local inv = meta:get_inventory()
 		if inv:room_for_item("mailbox", stack) then
 			return -1
@@ -166,6 +169,25 @@ mailbox.allow_metadata_inventory_put = function(pos, listname, index, stack, pla
 	return 0
 end
 
+mailbox.allow_metadata_inventory_take = function(pos, listname, index, stack, player)
+	local meta = minetest.get_meta(pos)
+	local name = player:get_player_name()
+	if not meta:get_string("owner") == name and not minetest.check_player_privs(name, {protection_bypass=true,}) then
+		return 0
+	end
+	return stack:get_count()
+end
+
+mailbox.allow_metadata_inventory_move = function(pos, from_list, from_index, to_list, to_index, count, player)
+	local meta = minetest.get_meta(pos)
+	local name = player:get_player_name()
+	if meta:get_string("owner") == name or minetest.check_player_privs(name, {protection_bypass=true,}) then
+		return count
+	end
+	return 0 
+end
+
+
 
 minetest.register_node("mailbox:mailbox", {
 	description = "Mailbox",
@@ -183,6 +205,8 @@ minetest.register_node("mailbox:mailbox", {
 	can_dig = mailbox.can_dig,
 	on_metadata_inventory_put = mailbox.on_metadata_inventory_put,
 	allow_metadata_inventory_put = mailbox.allow_metadata_inventory_put,
+	allow_metadata_invenory_take = mailbox.allow_metadata_inventory_take,
+	allow_metadata_invenory_move = mailbox.allow_metadata_inventory_move,
 })
 
 minetest.register_node("mailbox:mailbox_free", {
@@ -202,7 +226,6 @@ minetest.register_node("mailbox:mailbox_free", {
 	can_dig = mailbox.can_dig,
 --	on_metadata_inventory_put = mailbox.on_metadata_inventory_put,
 --	allow_metadata_inventory_put = mailbox.allow_metadata_inventory_put,
-
 })
 
 
@@ -224,6 +247,8 @@ minetest.register_node("mailbox:letterbox", {
 	can_dig = mailbox.can_dig,
 	on_metadata_inventory_put = mailbox.on_metadata_inventory_put,
 	allow_metadata_inventory_put = mailbox.allow_metadata_inventory_put,
+	allow_metadata_invenory_take = mailbox.allow_metadata_inventory_take,
+	allow_metadata_invenory_move = mailbox.allow_metadata_inventory_move,
 })
 
 minetest.register_tool("mailbox:unrenter", {
diff --git a/mod.conf b/mod.conf
new file mode 100644
index 0000000..d970bf4
--- /dev/null
+++ b/mod.conf
@@ -0,0 +1,3 @@
+name=mailbox
+description=Mailbox mod
+depends=default
-- 
cgit v1.2.3