add option to allow "unsafe" lua scripts, with "package" package
This allows lua scripts to access the OS, the network, etc.
This commit is contained in:
Chris Beck
parent
4164a24a59
commit
3193a67ce9
3 changed files with 10 additions and 0 deletions
|
|
@ -133,6 +133,7 @@ commandline_options::commandline_options (const std::vector<std::string>& args)
|
|||
screenshot(false),
|
||||
screenshot_map_file(),
|
||||
screenshot_output_file(),
|
||||
script_unsafe_mode(false),
|
||||
strict_validation(false),
|
||||
test(),
|
||||
unit_test(),
|
||||
|
|
@ -186,6 +187,7 @@ commandline_options::commandline_options (const std::vector<std::string>& args)
|
|||
("rng-seed", po::value<unsigned int>(), "seeds the random number generator with number <arg>. Example: --rng-seed 0")
|
||||
("screenshot", po::value<two_strings>()->multitoken(), "takes two arguments: <map> <output>. Saves a screenshot of <map> to <output> without initializing a screen. Editor must be compiled in for this to work.")
|
||||
("script", po::value<std::string>(), "file containing a lua script to control the client")
|
||||
("unsafe-scripts", "makes the \'package\' package available to lua scripts, so that they can load arbitrary packages. Do not do this with untrusted scripts! This action gives lua the same permissions as the wesnoth executable.")
|
||||
("server,s", po::value<std::string>()->implicit_value(std::string()), "connects to the host <arg> if specified or to the first host in your preferences.")
|
||||
("username", po::value<std::string>(), "uses <username> when connecting to a server, ignoring other preferences.")
|
||||
("password", po::value<std::string>(), "uses <password> when connecting to a server, ignoring other preferences.")
|
||||
|
|
@ -433,6 +435,8 @@ commandline_options::commandline_options (const std::vector<std::string>& args)
|
|||
}
|
||||
if (vm.count("script"))
|
||||
script_file = vm["script"].as<std::string>();
|
||||
if (vm.count("unsafe-scripts"))
|
||||
script_unsafe_mode = true;
|
||||
if (vm.count("server"))
|
||||
server = vm["server"].as<std::string>();
|
||||
if (vm.count("username"))
|
||||
|
|
|
|||
|
|
@ -190,6 +190,8 @@ public:
|
|||
boost::optional<std::string> screenshot_output_file;
|
||||
/// File to load lua script (mp-bot) from.
|
||||
boost::optional<std::string> script_file;
|
||||
/// Whether to load the "package" package for the scripting environment. (This allows to load arbitrary lua packages, and gives untrusted lua the same permissions as wesnoth executable)
|
||||
bool script_unsafe_mode;
|
||||
/// True if --strict-validation was given on the command line. Makes Wesnoth trust validation errors as fatal WML errors and create WML exception, if so.
|
||||
bool strict_validation;
|
||||
/// Non-empty if --test was given on the command line. Goes directly into test mode, into a scenario, if specified.
|
||||
|
|
|
|||
|
|
@ -464,6 +464,10 @@ bool game_launcher::init_lua_script()
|
|||
resources::app_lua_kernel = new application_lua_kernel();
|
||||
resources::app_lua_kernel->initialize(this);
|
||||
|
||||
if (cmdline_opts_.script_unsafe_mode) {
|
||||
resources::app_lua_kernel->load_package(); //load the "package" package, so that scripts can get what packages they want
|
||||
}
|
||||
|
||||
resources::app_lua_kernel->run(full_script.c_str());
|
||||
|
||||
return true;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue