Create a filesystem abstraction layer for CSM and only allow accessing files that are scanned into it. (#5965)

* Load client-side mods into memory before executing them. This removes the remaining filesystem access that client-sided mods had and it will hopefully make then more secure. * Lua Virtual filesystem: don't load the files into memory just scan the filenames into memory. * Fix the issues with backtrace * fix most of the issues * fix code style. * add a comment
2025-06-27 16:36:03 +00:00 · 2017-06-30 19:14:39 +01:00 · 2017-06-30 19:14:39 +01:00 · f3ad75691a
commit f3ad75691a
parent 2e53801fc0
24 changed files with 230 additions and 101 deletions
--- a/src/script/cpp_api/s_security.h
+++ b/src/script/cpp_api/s_security.h
@ -41,14 +41,18 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 class ScriptApiSecurity : virtual public ScriptApiBase
 {
 public:
-	int backupGlobals(lua_State *L);
+	int getThread(lua_State *L);
+	// creates an empty Lua environment
+	void createEmptyEnv(lua_State *L);
+	// sets the enviroment to the table thats on top of the stack
+	void setLuaEnv(lua_State *L, int thread);
 	// Sets up security on the ScriptApi's Lua state
 	void initializeSecurity();
 	void initializeSecurityClient();
 	// Checks if the Lua state has been secured
 	static bool isSecure(lua_State *L);
 	// Loads a file as Lua code safely (doesn't allow bytecode).
-	static bool safeLoadFile(lua_State *L, const char *path);
+	static bool safeLoadFile(lua_State *L, const char *path, const char *display_name = NULL);
 	// Checks if mods are allowed to read (and optionally write) to the path
 	static bool checkPath(lua_State *L, const char *path, bool write_required,
 			bool *write_allowed=NULL);