fte/fteqw
2
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix possible loophole.

Browse source
This commit is contained in:
Shpoike 2024-12-12 13:23:18 +00:00
parent b1b0f5e654
commit 62ff790114
4 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
engine/client/cl_main.c
View file

@ -6218,7 +6218,7 @@ void Host_WriteConfiguration (void)
} }
Key_WriteBindings (f); Key_WriteBindings (f);
Cvar_WriteVariables (f, false); Cvar_WriteVariables (f, false, false);
VFS_CLOSE (f); VFS_CLOSE (f);

7
engine/common/cmd.c
View file

@ -4141,6 +4141,7 @@ static void Cmd_WriteConfig_f(void)
char fname[MAX_QPATH]; char fname[MAX_QPATH];
char displayname[MAX_OSPATH]; char displayname[MAX_OSPATH];
qboolean all = true; qboolean all = true;
qboolean nohidden = false;
//special variation that only saves if an archived cvar was actually modified. //special variation that only saves if an archived cvar was actually modified.
if (!Q_strcasecmp(Cmd_Argv(0), "cfg_save_ifmodified")) if (!Q_strcasecmp(Cmd_Argv(0), "cfg_save_ifmodified"))
@ -4169,7 +4170,9 @@ static void Cmd_WriteConfig_f(void)
Q_snprintfz(fname, sizeof(fname), "%s", filename); Q_snprintfz(fname, sizeof(fname), "%s", filename);
COM_RequireExtension(fname, ".cfg", sizeof(fname)); COM_RequireExtension(fname, ".cfg", sizeof(fname));
if (Cmd_IsInsecure() && strncmp(fname, "data/", 5)) if (!strncmp(fname, "data/", 5))
nohidden = true; //we're writing to the data/ dir, which mods may potentially read. don't write any settings they're not allowed to see.
else if (Cmd_IsInsecure())
{ {
Con_Printf ("%s %s: not allowed\n", Cmd_Argv(0), Cmd_Args()); Con_Printf ("%s %s: not allowed\n", Cmd_Argv(0), Cmd_Args());
return; return;
@ -4237,7 +4240,7 @@ static void Cmd_WriteConfig_f(void)
#endif #endif
if (cfg_save_aliases.ival) if (cfg_save_aliases.ival)
Alias_WriteAliases (f); Alias_WriteAliases (f);
Cvar_WriteVariables (f, all); Cvar_WriteVariables (f, all, nohidden);
VFS_CLOSE(f); VFS_CLOSE(f);
Cvar_Saved(); Cvar_Saved();

4
engine/common/cvar.c
View file

@ -1687,7 +1687,7 @@ Writes lines containing "set variable value" for all variables
with the archive flag set to true. with the archive flag set to true.
============ ============
*/ */
void Cvar_WriteVariables (vfsfile_t *f, qboolean all) void Cvar_WriteVariables (vfsfile_t *f, qboolean all, qboolean nohidden)
{ {
qboolean writtengroupheader; qboolean writtengroupheader;
cvar_group_t *grp; cvar_group_t *grp;
@ -1705,6 +1705,8 @@ void Cvar_WriteVariables (vfsfile_t *f, qboolean all)
//yeah, don't force-save readonly cvars. //yeah, don't force-save readonly cvars.
if (var->flags & (CVAR_NOSET|CVAR_NOSAVE)) if (var->flags & (CVAR_NOSET|CVAR_NOSAVE))
continue; continue;
if (nohidden && (var->flags & CVAR_NOUNSAFEEXPAND))
continue;
if (!writtengroupheader) if (!writtengroupheader)
{ {

2
engine/common/cvar.h
View file

@ -213,7 +213,7 @@ qboolean Cvar_Command (cvar_t *v, int level);
// command. Returns true if the command was a variable reference that // command. Returns true if the command was a variable reference that
// was handled. (print or change) // was handled. (print or change)
void Cvar_WriteVariables (vfsfile_t *f, qboolean all); void Cvar_WriteVariables (vfsfile_t *f, qboolean all, qboolean nohidden);
// Writes lines containing "set variable value" for all variables // Writes lines containing "set variable value" for all variables
// with the archive flag set to true. // with the archive flag set to true.