diff --git a/src/c_cvars.cpp b/src/c_cvars.cpp index c79a76fb3..cd48e304e 100644 --- a/src/c_cvars.cpp +++ b/src/c_cvars.cpp @@ -51,6 +51,7 @@ #include "v_palette.h" #include "v_video.h" #include "colormatcher.h" +#include "menu/menu.h" struct FLatchedValue { @@ -204,7 +205,9 @@ DEFINE_ACTION_FUNCTION(_CVar, GetString) DEFINE_ACTION_FUNCTION(_CVar, SetInt) { + // Only menus are allowed to change CVARs. PARAM_SELF_STRUCT_PROLOGUE(FBaseCVar); + if (!(self->GetFlags() & CVAR_MOD) && DMenu::CurrentMenu == nullptr) return 0; PARAM_INT(val); UCVarValue v; v.Int = val; @@ -214,17 +217,21 @@ DEFINE_ACTION_FUNCTION(_CVar, SetInt) DEFINE_ACTION_FUNCTION(_CVar, SetFloat) { + // Only menus are allowed to change CVARs. PARAM_SELF_STRUCT_PROLOGUE(FBaseCVar); + if (!(self->GetFlags() & CVAR_MOD) && DMenu::CurrentMenu == nullptr) return 0; PARAM_FLOAT(val); UCVarValue v; - v.Float = val; + v.Float = (float)val; self->SetGenericRep(v, CVAR_Float); return 0; } DEFINE_ACTION_FUNCTION(_CVar, SetString) { + // Only menus are allowed to change CVARs. PARAM_SELF_STRUCT_PROLOGUE(FBaseCVar); + if (!(self->GetFlags() & CVAR_MOD) && DMenu::CurrentMenu == nullptr) return 0; PARAM_STRING(val); UCVarValue v; v.String = val.GetChars(); diff --git a/src/c_dispatch.cpp b/src/c_dispatch.cpp index 8bd83ed15..343903495 100644 --- a/src/c_dispatch.cpp +++ b/src/c_dispatch.cpp @@ -54,6 +54,7 @@ #include "d_net.h" #include "d_main.h" #include "serializer.h" +#include "menu/menu.h" // MACROS ------------------------------------------------------------------ @@ -662,8 +663,10 @@ void C_DoCommand (const char *cmd, int keynum) } } -DEFINE_ACTION_FUNCTION(_Console, DoCommand) +// This is only accessible to the special menu item to run CCMDs. +DEFINE_ACTION_FUNCTION(DOptionMenuItemCommand, DoCommand) { + if (DMenu::CurrentMenu == nullptr) return 0; PARAM_PROLOGUE; PARAM_STRING(cmd); C_DoCommand(cmd); diff --git a/wadsrc/static/zscript/base.txt b/wadsrc/static/zscript/base.txt index eee20a04f..e354fe594 100644 --- a/wadsrc/static/zscript/base.txt +++ b/wadsrc/static/zscript/base.txt @@ -272,7 +272,6 @@ struct Console native native static void HideConsole(); native static void MidPrint(Font fontname, string textlabel, bool bold = false); native static vararg void Printf(string fmt, ...); - native static void DoCommand(String cmd); } struct DamageTypeDefinition native diff --git a/wadsrc/static/zscript/menu/colorpickermenu.txt b/wadsrc/static/zscript/menu/colorpickermenu.txt index 93a2399a5..d7ed52057 100644 --- a/wadsrc/static/zscript/menu/colorpickermenu.txt +++ b/wadsrc/static/zscript/menu/colorpickermenu.txt @@ -336,7 +336,10 @@ class ColorpickerMenu : OptionMenu if (mStartItem >= 0) { mDesc.mItems.Resize(mStartItem); - if (mCVar != null) mCVar.SetInt(Color(int(mRed), int(mGreen), int(mBlue))); + if (mCVar != null) + { + mCVar.SetInt(Color(int(mRed), int(mGreen), int(mBlue))); + } mStartItem = -1; } } diff --git a/wadsrc/static/zscript/menu/optionmenuitems.txt b/wadsrc/static/zscript/menu/optionmenuitems.txt index 4796ce4c9..398b20cb2 100644 --- a/wadsrc/static/zscript/menu/optionmenuitems.txt +++ b/wadsrc/static/zscript/menu/optionmenuitems.txt @@ -127,8 +127,16 @@ class OptionMenuItemCommand : OptionMenuItemSubmenu return self; } + private native static void DoCommand(String cmd); // This is very intentionally limited to this menu item to prevent abuse. + override bool Activate() { + // This needs to perform a few checks to prevent abuse by malicious modders. + let m = Menu.GetCurrentMenu(); + // don't execute if no menu is active + if (m == null) return false; + // don't execute if this item cannot be found in the current menu. + if (m.GetItem(mAction) != self) return false; Menu.MenuSound("menu/choose"); Console.DoCommand(mAction); return true; @@ -158,7 +166,7 @@ class OptionMenuItemSafeCommand : OptionMenuItemCommand { if (mkey == Menu.MKEY_MBYes) { - Console.DoCommand(mAction); + Super.Activate(mKey, fromController); return true; } return Super.MenuEvent(mkey, fromcontroller);