summaryrefslogtreecommitdiff
path: root/src/script/cpp_api/s_security.cpp
Commit message (Collapse)AuthorAge
* Security: Fix resolving of some relative pathsShadowNinja2016-12-20
| | | | | | | | | | | | | Trying to resolve a path with RemoveRelativePathComponents that can't be resolved without leaving leading parent components (e.g. "../worlds/foo" or "bar/../../worlds/foo") will fail. To work around this, we leave the relative components and simply remove the trailing components one at a time, and bail out when we find a parent component. This will still fail for paths like "worlds/foo/noexist/../auth.txt" (the path before the last parent component must not exist), but this is fine since you won't be able to open a file with a path like that anyways (the O.S. will determine that the path doesn't exist. Try `cat /a/../etc/passwd`).
* Mod security: Allow read-only access to all mod pathsShadowNinja2016-12-20
|
* Fix secure io.linesShadowNinja2016-11-24
| | | | | It used to drop all of the return values from the insecure version of the function.
* Fix secure io.open without modeShadowNinja2016-11-24
|
* Fix memory leak in ::safeLoadFile (#4730)Zeno-2016-11-05
|
* couple of memory leaks fixes.David Carlier2016-08-10
|
* Remove unused code in s_security.cpp (#4172)Zeno-2016-05-30
| | | Note that the macro CHECK_FILE_ERR implements the code removed
* Remove debug.getupvalue from the Lua sandbox whitelistShadowNinja2016-03-03
| | | | This function could be used to steal insecure environments from trusted mods.
* Use numeric indices and raw table access with LUA_REGISTRYINDEXKahrl2015-08-27
|
* dofile error reporting for syntax errorsest312015-06-12
| | | | | According to doc, dofile() raises an error when parsing failed due to syntax errors. Fixes #2775
* Fix Windows build, clean up included headersSmallJoker2015-05-22
| | | | Also fix a startup error caused by s_security.cpp
* Add mod securityShadowNinja2015-05-16
Due to compatibility concerns, this is temporarily disabled.