From a50d07d39a76053328846d82a32bac61468bb16f Mon Sep 17 00:00:00 2001
From: red-001
Date: Sat, 28 Jan 2017 16:24:25 +0000
Subject: [CSM] Improve security for client-sided mods (#5100)
---
 builtin/client/register.lua | 5 ++++-
 builtin/common/strict.lua | 5 +++--
 builtin/init.lua | 1 +
 3 files changed, 8 insertions(+), 3 deletions(-)
(limited to 'builtin')
diff --git a/builtin/client/register.lua b/builtin/client/register.lua
index 1e6ac4342..c932fb9f8 100644
--- a/builtin/client/register.lua
+++ b/builtin/client/register.lua
@@ -1,6 +1,9 @@
 core.callback_origins = {}
+local getinfo = debug.getinfo
+debug.getinfo = nil
+
 function core.run_callbacks(callbacks, mode, ...)
 assert(type(callbacks) == "table")
 local cb_len = #callbacks
@@ -47,7 +50,7 @@ local function make_registration()
 t[#t + 1] = func
 core.callback_origins[func] = {
 mod = core.get_current_modname() or "??",
- name = debug.getinfo(1, "n").name or "??"
+ name = getinfo(1, "n").name or "??"
 }
 --local origin = core.callback_origins[func]
 --print(origin.name .. ": " .. origin.mod .. " registering cbk " .. tostring(func))
diff --git a/builtin/common/strict.lua b/builtin/common/strict.lua
index 23ba3d727..ccde9676b 100644
--- a/builtin/common/strict.lua
+++ b/builtin/common/strict.lua
@@ -3,6 +3,7 @@
 -- This ignores mod namespaces (variables with the same name as the current mod).
 local WARN_INIT = false
+local getinfo = debug.getinfo
 function core.global_exists(name)
 if type(name) ~= "string" then
@@ -18,7 +19,7 @@ local declared = {}
 local warned = {}
 function meta:__newindex(name, value)
- local info = debug.getinfo(2, "Sl")
+ local info = getinfo(2, "Sl")
 local desc = ("%s:%d"):format(info.short_src, info.currentline)
 if not declared[name] then
 local warn_key = ("%s\0%d\0%s"):format(info.source,
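Review bot: In builtin/client/register.lua (first hunk), `debug.getinfo = nil` clears a single entry and leaves every other function in the `debug` table available to client-side mods, so the restriction works as a one-item denylist. If the goal is that client mods get no introspection, replacing `debug` with a table that holds only the entries builtin has vetted is easier to audit than clearing entries one at a time; whether other entries are stripped elsewhere is not visible in this patch. The removal is also a load-time side effect of a file about callback registration, so a comment such as `-- client mods must not reach debug.getinfo; builtin keeps a private copy` would tell the next reader why the global is cleared here.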
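Review bot: In builtin/common/strict.lua (hunk at -3,6), `local getinfo = debug.getinfo` only works if this file is loaded before builtin/client/register.lua sets `debug.getinfo = nil`; the load order is not visible in this patch. If the order ever flips, `getinfo` is nil and the first global access that reaches `meta:__newindex` or `meta:__index` fails with a call on a nil value rather than a clear message. Capturing it as `local getinfo = assert(debug.getinfo, "strict.lua must be loaded before debug.getinfo is removed")` turns that into an immediate, explained failure at load time.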
@@ -42,7 +43,7 @@ end
 function meta:__index(name)
- local info = debug.getinfo(2, "Sl")
+ local info = getinfo(2, "Sl")
 local warn_key = ("%s\0%d\0%s"):format(info.source, info.currentline, name)
 if not declared[name] and not warned[warn_key] and info.what ~= "C" then
 core.log("warning", ("Undeclared global variable %q accessed at %s:%s")
diff --git a/builtin/init.lua b/builtin/init.lua
index 590f7fa8c..c9fa70fc7 100644
--- a/builtin/init.lua
+++ b/builtin/init.lua
@@ -47,6 +47,7 @@ elseif INIT == "mainmenu" then
 elseif INIT == "async" then
 dofile(asyncpath .. "init.lua")
 elseif INIT == "client" then
+ os.setlocale = nil
 dofile(clientpath .. "init.lua")
 else
 error(("Unrecognized builtin initialization type %s!"):format(tostring(INIT)))
--
cgit v1.2.3
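Review bot: In builtin/init.lua, `os.setlocale = nil` carries no comment saying why this one function is withheld from the client, and the other client-side removal in this commit (`debug.getinfo` in builtin/client/register.lua) lives in a different file. Grouping the removals in one clearly named place, with a line such as `-- not for client mods: setlocale changes process-wide state`, would let a reviewer see the full set of globals withheld from client mods at a glance; the stated reason is my assumption and should be confirmed. The rest of `os` is untouched by this hunk, so anything else client mods must not call has to be handled elsewhere, which the patch does not show. The if/elseif chain starts and ends outside the hunk.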