From 4dfbfa80d57d77b137f367b15f4a5b46d34e0b74 Mon Sep 17 00:00:00 2001 From: Lactozilla Date: Wed, 18 Dec 2024 21:07:34 -0300 Subject: [PATCH] Restrict console script execution the same way Lua does --- src/command.c | 77 +++++++++++++++++++++++++++++---------------------- src/command.h | 3 ++ src/deh_soc.c | 4 +-- src/p_setup.c | 4 +-- src/p_spec.c | 2 +- 5 files changed, 52 insertions(+), 38 deletions(-) diff --git a/src/command.c b/src/command.c index 8f9166361..29f491e29 100644 --- a/src/command.c +++ b/src/command.c @@ -648,7 +648,7 @@ static void COM_ExecuteString(char *ptext) { if ((com_flags & COM_LUA) && !(cmd->flags & COM_LUA)) { - CONS_Alert(CONS_WARNING, "Command '%s' cannot be run from Lua.\n", cmd->name); + CONS_Alert(CONS_WARNING, "Command '%s' cannot be run from a script.\n", cmd->name); return; } @@ -809,49 +809,60 @@ static void COM_CEchoDuration_f(void) /** Executes a script file. */ -static void COM_Exec_f(void) +boolean COM_ExecFile(const char *scriptname, com_flags_t flags, boolean silent) { UINT8 *buf = NULL; char filename[256]; + if (!D_CheckPathAllowed(scriptname, "tried to exec")) + return false; + + // load file + // Try with Argv passed verbatim first, for back compat + FIL_ReadFile(scriptname, &buf); + + if (!buf) + { + // Now try by searching the file path + // filename is modified with the full found path + strlcpy(filename, scriptname, sizeof(filename)); + if (findfile(filename, NULL, true) != FS_NOTFOUND) + FIL_ReadFile(filename, &buf); + + if (!buf) + return false; + } + + if (!silent) + CONS_Printf(M_GetText("Executing %s\n"), scriptname); + + // insert text file into the command buffer + COM_BufAddTextEx((char *)buf, flags); + COM_BufAddTextEx("\n", flags); + + // free buffer + Z_Free(buf); + + return true; +} + +static void COM_Exec_f(void) +{ + boolean silent; + if (COM_Argc() < 2 || COM_Argc() > 3) { CONS_Printf(M_GetText("exec : run a script file\n")); return; } - if (!D_CheckPathAllowed(COM_Argv(1), "tried to exec")) + silent = COM_CheckParm("-silent"); + + if (COM_ExecFile(COM_Argv(1), com_flags, silent)) return; - // load file - // Try with Argv passed verbatim first, for back compat - FIL_ReadFile(COM_Argv(1), &buf); - - if (!buf) - { - // Now try by searching the file path - // filename is modified with the full found path - strcpy(filename, COM_Argv(1)); - if (findfile(filename, NULL, true) != FS_NOTFOUND) - FIL_ReadFile(filename, &buf); - - if (!buf) - { - if (!COM_CheckParm("-noerror")) - CONS_Printf(M_GetText("couldn't execute file %s\n"), COM_Argv(1)); - return; - } - } - - if (!COM_CheckParm("-silent")) - CONS_Printf(M_GetText("executing %s\n"), COM_Argv(1)); - - // insert text file into the command buffer - COM_BufAddTextEx((char *)buf, com_flags); - COM_BufAddTextEx("\n", com_flags); - - // free buffer - Z_Free(buf); + if (!COM_CheckParm("-noerror")) + CONS_Printf(M_GetText("Couldn't execute file %s\n"), COM_Argv(1)); } /** Delays execution of the rest of the commands until the next frame. @@ -2493,7 +2504,7 @@ static boolean CV_Command(void) if (CV_Immutable(v)) { - CONS_Alert(CONS_WARNING, "Variable '%s' cannot be changed from Lua.\n", v->name); + CONS_Alert(CONS_WARNING, "Variable '%s' cannot be changed from a script.\n", v->name); return true; } diff --git a/src/command.h b/src/command.h index c1ac7d486..70342a785 100644 --- a/src/command.h +++ b/src/command.h @@ -66,6 +66,9 @@ void COM_ImmedExecute(const char *ptext); // Execute commands in buffer, flush them void COM_BufExecute(void); +// Executes a script from a file +boolean COM_ExecFile(const char *scriptname, com_flags_t flags, boolean silent); + // As above; and progress the wait timer. void COM_BufTicker(void); diff --git a/src/deh_soc.c b/src/deh_soc.c index c0e646f60..912ac5425 100644 --- a/src/deh_soc.c +++ b/src/deh_soc.c @@ -3584,7 +3584,7 @@ void readmaincfg(MYFILE *f) if (fastcmp(word, "EXECCFG")) { if (strchr(word2, '.')) - COM_BufAddText(va("exec %s\n", word2)); + COM_ExecFile(word2, COM_LUA, false); else { lumpnum_t lumpnum; @@ -3599,7 +3599,7 @@ void readmaincfg(MYFILE *f) if (lumpnum == LUMPERROR || W_LumpLength(lumpnum) == 0) CONS_Debug(DBG_SETUP, "SOC Error: script lump %s not found/not valid.\n", newname); else - COM_BufInsertText(W_CacheLumpNum(lumpnum, PU_CACHE)); + COM_BufInsertTextEx(W_CacheLumpNum(lumpnum, PU_CACHE), COM_LUA); } } diff --git a/src/p_setup.c b/src/p_setup.c index 93286219d..8a40868a5 100644 --- a/src/p_setup.c +++ b/src/p_setup.c @@ -7369,11 +7369,11 @@ static void P_RunLevelScript(const char *scriptname) return; } - COM_BufInsertText(W_CacheLumpNum(lumpnum, PU_CACHE)); + COM_BufInsertTextEx(W_CacheLumpNum(lumpnum, PU_CACHE), COM_LUA); } else { - COM_BufAddText(va("exec %s\n", scriptname)); + COM_ExecFile(scriptname, COM_LUA, false); } COM_BufExecute(); // Run it! } diff --git a/src/p_spec.c b/src/p_spec.c index d375d3e2f..7d53c4ba8 100644 --- a/src/p_spec.c +++ b/src/p_spec.c @@ -2546,7 +2546,7 @@ static void P_ProcessLineSpecial(line_t *line, mobj_t *mo, sector_t *callsec) char *text = Z_Malloc(len + 1, PU_CACHE, NULL); memcpy(text, lump, len); text[len] = '\0'; - COM_BufInsertText(text); + COM_BufInsertTextEx(text, COM_LUA); Z_Free(text); } }