From 62ff790114851fe587ac5b3eac0b18d824d29f3e Mon Sep 17 00:00:00 2001
From: Shpoike
Date: Thu, 12 Dec 2024 13:23:18 +0000
Subject: [PATCH] Fix possible loophole.
---
 engine/client/cl_main.c | 2 +-
 engine/common/cmd.c | 7 +++++--
 engine/common/cvar.c | 4 +++-
 engine/common/cvar.h | 2 +-
 4 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/engine/client/cl_main.c b/engine/client/cl_main.c
index 8871cd57c..995565fb0 100644
--- a/engine/client/cl_main.c
+++ b/engine/client/cl_main.c
@@ -6218,7 +6218,7 @@ void Host_WriteConfiguration (void)
 }
 Key_WriteBindings (f);
- Cvar_WriteVariables (f, false);
+ Cvar_WriteVariables (f, false, false);
 VFS_CLOSE (f);
diff --git a/engine/common/cmd.c b/engine/common/cmd.c
index 334e96f0d..f78d48ae2 100644
--- a/engine/common/cmd.c
+++ b/engine/common/cmd.c
@@ -4141,6 +4141,7 @@ static void Cmd_WriteConfig_f(void)
 char fname[MAX_QPATH];
 char displayname[MAX_OSPATH];
 qboolean all = true;
+ qboolean nohidden = false;
 //special variation that only saves if an archived cvar was actually modified.
 if (!Q_strcasecmp(Cmd_Argv(0), "cfg_save_ifmodified"))
@@ -4169,7 +4170,9 @@ static void Cmd_WriteConfig_f(void)
 Q_snprintfz(fname, sizeof(fname), "%s", filename);
 COM_RequireExtension(fname, ".cfg", sizeof(fname));
- if (Cmd_IsInsecure() && strncmp(fname, "data/", 5))
+ if (!strncmp(fname, "data/", 5))
+ nohidden = true; //we're writing to the data/ dir, which mods may potentially read. don't write any settings they're not allowed to see.
+ else if (Cmd_IsInsecure())
 {
 Con_Printf ("%s %s: not allowed\n", Cmd_Argv(0), Cmd_Args());
 return;
@@ -4237,7 +4240,7 @@ static void Cmd_WriteConfig_f(void)
 #endif
 if (cfg_save_aliases.ival)
 Alias_WriteAliases (f);
- Cvar_WriteVariables (f, all);
+ Cvar_WriteVariables (f, all, nohidden);
 VFS_CLOSE(f);
 Cvar_Saved();
diff --git a/engine/common/cvar.c b/engine/common/cvar.c
index b5d363ac1..7cfe0bdc8 100644
--- a/engine/common/cvar.c
+++ b/engine/common/cvar.c
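Review bot: In the second cmd.c hunk, `strncmp(fname, "data/", 5)` is now the only thing that decides whether hidden cvars are filtered, and it is an exact, case-sensitive prefix match on the name as typed. A trusted `cfg_save` whose path reaches the same directory under another spelling would leave `nohidden` false and write every cvar where mods can read it; whether the VFS layer normalises names first is not visible in this hunk. Consider deciding the filter separately from the permission check and making it fail closed, e.g. `if (!Q_strncasecmp(fname, "data/", 5)) nohidden = true;` placed ahead of the original `if (Cmd_IsInsecure() && strncmp(fname, "data/", 5))` rejection. Since the function continues outside the hunk, it is also worth confirming that `..` components after the `data/` prefix are rejected before the file is opened.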
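Review bot: In the third cmd.c hunk, `Alias_WriteAliases (f)` directly above the changed call still writes every alias when the target is under `data/`, so the new `nohidden` filter covers cvar values only. If an alias body carries a literal copy of a hidden setting, it would still land in a file that mods may read; the same may apply to anything else this function writes outside the hunk. Consider `if (cfg_save_aliases.ival && !nohidden)` here, or add a comment recording why aliases are considered safe to expose.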
@@ -1687,7 +1687,7 @@ Writes lines containing "set variable value" for all variables
 with the archive flag set to true.
 ============
 */
-void Cvar_WriteVariables (vfsfile_t *f, qboolean all)
+void Cvar_WriteVariables (vfsfile_t *f, qboolean all, qboolean nohidden)
 {
 qboolean writtengroupheader;
 cvar_group_t *grp;
@@ -1705,6 +1705,8 @@ void Cvar_WriteVariables (vfsfile_t *f, qboolean all)
 //yeah, don't force-save readonly cvars.
 if (var->flags & (CVAR_NOSET|CVAR_NOSAVE))
 continue;
+ if (nohidden && (var->flags & CVAR_NOUNSAFEEXPAND))
+ continue;
 if (!writtengroupheader)
 {
diff --git a/engine/common/cvar.h b/engine/common/cvar.h
index e24583d1e..d491daf8d 100644
--- a/engine/common/cvar.h
+++ b/engine/common/cvar.h
@@ -213,7 +213,7 @@ qboolean Cvar_Command (cvar_t *v, int level);
 // command. Returns true if the command was a variable reference that
 // was handled. (print or change)
-void Cvar_WriteVariables (vfsfile_t *f, qboolean all);
+void Cvar_WriteVariables (vfsfile_t *f, qboolean all, qboolean nohidden);
 // Writes lines containing "set variable value" for all variables
 // with the archive flag set to true.
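Review bot: The header comment above `Cvar_WriteVariables` in the first cvar.c hunk still describes only the archive-flag behaviour and does not mention the new `nohidden` parameter; the comment under the prototype in the cvar.h hunk has the same gap. Add a line to both, such as `nohidden: skip CVAR_NOUNSAFEEXPAND cvars, for files that gamecode may read (data/).` Two adjacent `qboolean` arguments also make call sites like `Cvar_WriteVariables (f, false, false)` hard to read, so a short comment at each call would help.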
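Review bot: In the second cvar.c hunk, the added `nohidden` check uses `CVAR_NOUNSAFEEXPAND` as the definition of a hidden cvar without saying so. That makes the filter easy to overlook if another flag for sensitive settings is introduced later. A comment on the check would record the intent, e.g. `//this file may be read by gamecode, so skip anything gamecode is not allowed to expand.` The loop body starts and ends outside the hunk, so it is not visible whether every write path in the function passes through this check.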