oss/luanti
oss/luanti
1
0
Fork 0
mirror of https://github.com/luanti-org/luanti.git synced 2025-08-11 17:51:04 +00:00
Code Wiki Activity

Don't let HTTP API pass through untrusted function

Browse source 
This has been a problem since the first day, oops.
This commit is contained in:
sfan5 2021-12-17 18:31:29 +01:00
parent 8472141b79
commit 8c99f2232b
4 changed files with 27 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

5
builtin/game/misc.lua
View file

@ -250,7 +250,7 @@ end
-- HTTP callback interface
function core.http_add_fetch(httpenv)
core.set_http_api_lua(function(httpenv)
httpenv.fetch = function(req, callback)
local handle = httpenv.fetch_async(req)
@ -266,7 +266,8 @@ function core.http_add_fetch(httpenv)
end
return httpenv
end
end)
core.set_http_api_lua = nil
function core.close_formspec(player_name, formname)