fte/fteqw
2
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix possible loophole.

Browse source
This commit is contained in:
Shpoike 2024-12-12 13:23:18 +00:00
parent b1b0f5e654
commit 62ff790114
4 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
engine/client/cl_main.c
View file

@ -6218,7 +6218,7 @@ void Host_WriteConfiguration (void)
}
Key_WriteBindings (f);
Cvar_WriteVariables (f, false);
Cvar_WriteVariables (f, false, false);
VFS_CLOSE (f);

7
engine/common/cmd.c
View file

@ -4141,6 +4141,7 @@ static void Cmd_WriteConfig_f(void)
char fname[MAX_QPATH];
char displayname[MAX_OSPATH];
qboolean all = true;
qboolean nohidden = false;
//special variation that only saves if an archived cvar was actually modified.
if (!Q_strcasecmp(Cmd_Argv(0), "cfg_save_ifmodified"))
@ -4169,7 +4170,9 @@ static void Cmd_WriteConfig_f(void)
Q_snprintfz(fname, sizeof(fname), "%s", filename);
COM_RequireExtension(fname, ".cfg", sizeof(fname));
if (Cmd_IsInsecure() && strncmp(fname, "data/", 5))
if (!strncmp(fname, "data/", 5))
nohidden = true; //we're writing to the data/ dir, which mods may potentially read. don't write any settings they're not allowed to see.
else if (Cmd_IsInsecure())
{
Con_Printf ("%s %s: not allowed\n", Cmd_Argv(0), Cmd_Args());
return;
@ -4237,7 +4240,7 @@ static void Cmd_WriteConfig_f(void)
#endif
if (cfg_save_aliases.ival)
Alias_WriteAliases (f);
Cvar_WriteVariables (f, all);
Cvar_WriteVariables (f, all, nohidden);
VFS_CLOSE(f);
Cvar_Saved();

4
engine/common/cvar.c
View file

@ -1687,7 +1687,7 @@ Writes lines containing "set variable value" for all variables
with the archive flag set to true.
============
*/
void Cvar_WriteVariables (vfsfile_t *f, qboolean all)
void Cvar_WriteVariables (vfsfile_t *f, qboolean all, qboolean nohidden)
{
qboolean writtengroupheader;
cvar_group_t *grp;
@ -1705,6 +1705,8 @@ void Cvar_WriteVariables (vfsfile_t *f, qboolean all)
//yeah, don't force-save readonly cvars.
if (var->flags & (CVAR_NOSET|CVAR_NOSAVE))
continue;
if (nohidden && (var->flags & CVAR_NOUNSAFEEXPAND))
continue;
if (!writtengroupheader)
{

2
engine/common/cvar.h
View file

@ -213,7 +213,7 @@ qboolean Cvar_Command (cvar_t *v, int level);
// command. Returns true if the command was a variable reference that
// was handled. (print or change)
void Cvar_WriteVariables (vfsfile_t *f, qboolean all);
void Cvar_WriteVariables (vfsfile_t *f, qboolean all, qboolean nohidden);
// Writes lines containing "set variable value" for all variables
// with the archive flag set to true.