try to be more strict/paranoid with cvars.

load q2 game dlls from the binarydir in preference to gamedir (allows such dlls to be distributed with the engine). add small emscripten msvc project so I can build the web port a little more conveniently. require mouse releases to have had a corresponding mouse press while in the menu. this solves issues with mouse clicks triggering the load menu while dead and instantlyish loading one, and alt-tab issues too. git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@4755 fc73d0e0-1445-4013-8a0c-d673dee63da5
2014-09-20 04:11:39 +00:00 · 2014-09-20 04:11:39 +00:00 · b29c68ef92
commit b29c68ef92
parent 489e88feb4
21 changed files with 376 additions and 88 deletions
--- a/engine/common/common.h
+++ b/engine/common/common.h
@ -466,7 +466,7 @@ qbyte *COM_LoadTempMoreFile (const char *path);	//allocates a little bit more wi
 //qbyte *COM_LoadHunkFile (const char *path);
 qbyte *COM_LoadMallocFile (const char *path);

-searchpathfuncs_t *COM_IteratePaths (void **iterator, char *buffer, int buffersize);
+searchpathfuncs_t *COM_IteratePaths (void **iterator, char *pathbuffer, int pathbuffersize, char *dirname, int dirnamesize);
 void COM_FlushFSCache(void);	//a file was written using fopen
 void COM_RefreshFSCache_f(void);
 qboolean FS_Restarted(unsigned int *since);
--- a/engine/common/cvar.h
+++ b/engine/common/cvar.h
@ -125,14 +125,14 @@ typedef struct cvar_group_s
 //freestyle
 #define CVAR_POINTER		(1<<5)	// q2 style. May be converted to q1 if needed. These are often specified on the command line and then converted into q1 when registered properly.
 #define CVAR_UNUSED			(1<<6)  //the default string was malloced/needs to be malloced, free on unregister
-#define CVAR_NOTFROMSERVER	(1<<7)	// the console will ignore changes to cvars if set at from the server or any gamecode. This is to protect against security flaws - like qterm
+#define CVAR_NOTFROMSERVER	(1<<7)	//cvar cannot be set by gamecode. the console will ignore changes to cvars if set at from the server or any gamecode. This is to protect against security flaws - like qterm
 #define CVAR_USERCREATED	(1<<8)	//write a 'set' or 'seta' in front of the var name.
 #define CVAR_CHEAT			(1<<9)	//latch to the default, unless cheats are enabled.
 #define CVAR_SEMICHEAT		(1<<10)	//if strict ruleset, force to 0/blank.
 #define CVAR_RENDERERLATCH	(1<<11)	//requires a vid_restart to reapply.
 #define CVAR_SERVEROVERRIDE	(1<<12)	//the server has overridden out local value - should probably be called SERVERLATCH
 #define CVAR_RENDERERCALLBACK	(1<<13) //force callback for cvars on renderer change
-#define CVAR_NOUNSAFEEXPAND	(1<<14) // do not expand cvar value when command is from gamecode
+#define CVAR_NOUNSAFEEXPAND	(1<<14) //cvar cannot be read by gamecode. do not expand cvar value when command is from gamecode.
 #define CVAR_RULESETLATCH	(1<<15)	//latched by the ruleset
 #define CVAR_SHADERSYSTEM	(1<<16)	//change flushes shaders.
 #define CVAR_TELLGAMECODE   (1<<17) //tells the gamecode when it has changed, does not prevent changing, added as an optimisation
--- a/engine/common/fs.c
+++ b/engine/common/fs.c
@ -2098,7 +2098,9 @@ void FS_AddGameDirectory (searchpath_t **oldpaths, const char *puredir, const ch
 	FS_AddPathHandle(oldpaths, puredir, dir, handle, flags|keptflags, loadstuff);
 }

-searchpathfuncs_t *COM_IteratePaths (void **iterator, char *buffer, int buffersize)
+//if syspath, something like c:\quake\baseq2
+//otherwise just baseq2. beware of dupes.
+searchpathfuncs_t *COM_IteratePaths (void **iterator, char *pathbuffer, int pathbuffersize, char *dirname, int dirnamesize)
 {
 	searchpath_t	*s;
 	void			*prev;
@ -2112,15 +2114,28 @@ searchpathfuncs_t *COM_IteratePaths (void **iterator, char *buffer, int buffersi
 		if (*iterator == prev)
 		{
 			*iterator = s->handle;
-			Q_strncpyz(buffer, s->logicalpath, buffersize-1);
-			FS_CleanDir(buffer, buffersize);
-			return s->handle;
+			if (!strchr(s->purepath, '/'))
+			{
+				if (pathbuffer)
+				{
+					Q_strncpyz(pathbuffer, s->logicalpath, pathbuffersize-1);
+					FS_CleanDir(pathbuffer, pathbuffersize);
+				}
+				if (dirname)
+				{
+					Q_strncpyz(dirname, s->purepath, dirnamesize-1);
+				}
+				return s->handle;
+			}
 		}
 		prev = s->handle;
 	}

 	*iterator = NULL;
-	*buffer = 0;
+	if (pathbuffer)
+		*pathbuffer = 0;
+	if (dirname)
+		*dirname = 0;
 	return NULL;
 }

--- a/engine/common/fs_pak.c
+++ b/engine/common/fs_pak.c
@ -209,7 +209,7 @@ static int QDECL VFSPAK_WriteBytes (struct vfsfile_s *vfs, const void *buffer, i
 static qboolean QDECL VFSPAK_Seek (struct vfsfile_s *vfs, qofs_t pos)
 {
 	vfspack_t *vfsp = (vfspack_t*)vfs;
-	if (pos < 0 || pos > vfsp->length)
+	if (pos > vfsp->length)
 		return false;
 	vfsp->currentpos = pos + vfsp->startpos;

--- a/engine/common/pr_bgcmd.c
+++ b/engine/common/pr_bgcmd.c
@ -1036,7 +1036,7 @@ void QCBUILTIN PF_cvar_string (pubprogfuncs_t *prinst, struct globalvars_s *pr_g
 {
 	const char	*str = PR_GetStringOfs(prinst, OFS_PARM0);
 	cvar_t *cv = Cvar_Get(str, "", 0, "QC variables");
-	if (cv)
+	if (cv && !(cv->flags & CVAR_NOUNSAFEEXPAND))
 	{
 		if(cv->latched_string)
 			RETURN_CSTRING(cv->latched_string);
@ -1052,7 +1052,7 @@ void QCBUILTIN PF_cvar_defstring (pubprogfuncs_t *prinst, struct globalvars_s *p
 {
 	const char	*str = PR_GetStringOfs(prinst, OFS_PARM0);
 	cvar_t *cv = Cvar_Get(str, "", 0, "QC variables");
-	if (cv)
+	if (cv && !(cv->flags & CVAR_NOUNSAFEEXPAND))
 		RETURN_CSTRING(cv->defaultstr);
 	else
 		G_INT(OFS_RETURN) = 0;
@ -1063,7 +1063,7 @@ void QCBUILTIN PF_cvar_description (pubprogfuncs_t *prinst, struct globalvars_s
 {
 	const char	*str = PR_GetStringOfs(prinst, OFS_PARM0);
 	cvar_t *cv = Cvar_Get(str, "", 0, "QC variables");
-	if (cv)
+	if (cv && !(cv->flags & CVAR_NOUNSAFEEXPAND))
 		RETURN_CSTRING(cv->description);
 	else
 		G_INT(OFS_RETURN) = 0;
@ -1077,7 +1077,7 @@ void QCBUILTIN PF_cvar_type (pubprogfuncs_t *prinst, struct globalvars_s *pr_glo
 	cvar_t *v;

 	v = Cvar_FindVar(str);
-	if (v)
+	if (v && !(v->flags & CVAR_NOUNSAFEEXPAND))
 	{
 		ret |= 1; // CVAR_EXISTS
 		if(v->flags & CVAR_ARCHIVE)
@ -1102,7 +1102,7 @@ void QCBUILTIN PF_cvar_set (pubprogfuncs_t *prinst, struct globalvars_s *pr_glob
 	val = PR_GetStringOfs(prinst, OFS_PARM1);

 	var = Cvar_Get(var_name, val, 0, "QC variables");
-	if (!var)
+	if (!var || (var->flags & CVAR_NOTFROMSERVER))
 		return;
 	Cvar_Set (var, val);
 }
@ -1116,7 +1116,7 @@ void QCBUILTIN PF_cvar_setlatch (pubprogfuncs_t *prinst, struct globalvars_s *pr
 	val = PR_GetStringOfs(prinst, OFS_PARM1);

 	var = Cvar_Get(var_name, val, 0, "QC variables");
-	if (!var)
+	if (!var || (var->flags & CVAR_NOTFROMSERVER))
 		return;
 	Cvar_LockFromServer(var, val);
 }
@ -1131,10 +1131,9 @@ void QCBUILTIN PF_cvar_setf (pubprogfuncs_t *prinst, struct globalvars_s *pr_glo
 	val = G_FLOAT(OFS_PARM1);

 	var = Cvar_FindVar(var_name);
-	if (!var)
-		Con_Printf("PF_cvar_set: variable %s not found\n", var_name);
-	else
-		Cvar_SetValue (var, val);
+	if (!var || (var->flags & CVAR_NOTFROMSERVER))
+		return;
+	Cvar_SetValue (var, val);
 }

 //float(string name, string value) registercvar
@ -5120,6 +5119,10 @@ void PR_AutoCvar(pubprogfuncs_t *prinst, cvar_t *var)
 	eval_t *val;
 	etype_t type;
 	int n, p;
+
+	if (var->flags & CVAR_NOUNSAFEEXPAND)
+		return;
+
 	for (n = 0; n < 2; n++)
 	{
 		gname = n?var->name2:var->name;
@ -5167,7 +5170,7 @@ void PDECL PR_FoundAutoCvarGlobal(pubprogfuncs_t *progfuncs, char *name, eval_t
 		return;
 	}
 	var = Cvar_Get(name, vals, 0, "autocvars");
-	if (!var)
+	if (!var || (var->flags & CVAR_NOUNSAFEEXPAND))
 		return;

 	var->flags |= CVAR_TELLGAMECODE;
--- a/engine/common/qvm.c
+++ b/engine/common/qvm.c
@ -103,7 +103,7 @@ dllhandle_t *QVM_LoadDLL(const char *name, qboolean binroot, void **vmMain, sys_
 		{
 			// run through the search paths
 			iterator = NULL;
-			while (!hVM && COM_IteratePaths(&iterator, gpath, sizeof(gpath)))
+			while (!hVM && COM_IteratePaths(&iterator, gpath, sizeof(gpath), NULL, false))
 			{
 				if (!hVM)
 				{