From 6525e0411863f8ce1995c1ee24d6ba766935dfdb Mon Sep 17 00:00:00 2001
From: Christoph Oelckers <coelckers@users.noreply.github.com>
Date: Mon, 13 Feb 2017 19:18:45 +0100
Subject: [PATCH] - added restrictions to CVAR and CCMD access functions for
 the menus. CVAR changes are only allowed when the menu is open or for
 mod-CVARs. The CCMD execution function is now private to the control
 requiring it and heavily guarded against improper access from the outside so
 that abuse is mostly impossible.

This also means that the remaining scriptification of the menu is on hold. The player menu would require even more access to critical game data, which is a no-go, and the other remaining menus offer little benefit from getting scriptified.
---
 src/c_cvars.cpp                                |  9 ++++++++-
 src/c_dispatch.cpp                             |  5 ++++-
 wadsrc/static/zscript/base.txt                 |  1 -
 wadsrc/static/zscript/menu/colorpickermenu.txt |  5 ++++-
 wadsrc/static/zscript/menu/optionmenuitems.txt | 10 +++++++++-
 5 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/src/c_cvars.cpp b/src/c_cvars.cpp
index c79a76fb3..cd48e304e 100644
--- a/src/c_cvars.cpp
+++ b/src/c_cvars.cpp
@@ -51,6 +51,7 @@
 #include "v_palette.h"
 #include "v_video.h"
 #include "colormatcher.h"
+#include "menu/menu.h"
 
 struct FLatchedValue
 {
@@ -204,7 +205,9 @@ DEFINE_ACTION_FUNCTION(_CVar, GetString)
 
 DEFINE_ACTION_FUNCTION(_CVar, SetInt)
 {
+	// Only menus are allowed to change CVARs.
 	PARAM_SELF_STRUCT_PROLOGUE(FBaseCVar);
+	if (!(self->GetFlags() & CVAR_MOD) && DMenu::CurrentMenu == nullptr) return 0;
 	PARAM_INT(val);
 	UCVarValue v;
 	v.Int = val;
@@ -214,17 +217,21 @@ DEFINE_ACTION_FUNCTION(_CVar, SetInt)
 
 DEFINE_ACTION_FUNCTION(_CVar, SetFloat)
 {
+	// Only menus are allowed to change CVARs.
 	PARAM_SELF_STRUCT_PROLOGUE(FBaseCVar);
+	if (!(self->GetFlags() & CVAR_MOD) && DMenu::CurrentMenu == nullptr) return 0;
 	PARAM_FLOAT(val);
 	UCVarValue v;
-	v.Float = val;
+	v.Float = (float)val;
 	self->SetGenericRep(v, CVAR_Float);
 	return 0;
 }
 
 DEFINE_ACTION_FUNCTION(_CVar, SetString)
 {
+	// Only menus are allowed to change CVARs.
 	PARAM_SELF_STRUCT_PROLOGUE(FBaseCVar);
+	if (!(self->GetFlags() & CVAR_MOD) && DMenu::CurrentMenu == nullptr) return 0;
 	PARAM_STRING(val);
 	UCVarValue v;
 	v.String = val.GetChars();
diff --git a/src/c_dispatch.cpp b/src/c_dispatch.cpp
index 8bd83ed15..343903495 100644
--- a/src/c_dispatch.cpp
+++ b/src/c_dispatch.cpp
@@ -54,6 +54,7 @@
 #include "d_net.h"
 #include "d_main.h"
 #include "serializer.h"
+#include "menu/menu.h"
 
 // MACROS ------------------------------------------------------------------
 
@@ -662,8 +663,10 @@ void C_DoCommand (const char *cmd, int keynum)
 	}
 }
 
-DEFINE_ACTION_FUNCTION(_Console, DoCommand)
+// This is only accessible to the special menu item to run CCMDs.
+DEFINE_ACTION_FUNCTION(DOptionMenuItemCommand, DoCommand)
 {
+	if (DMenu::CurrentMenu == nullptr) return 0;
 	PARAM_PROLOGUE;
 	PARAM_STRING(cmd);
 	C_DoCommand(cmd);
diff --git a/wadsrc/static/zscript/base.txt b/wadsrc/static/zscript/base.txt
index eee20a04f..e354fe594 100644
--- a/wadsrc/static/zscript/base.txt
+++ b/wadsrc/static/zscript/base.txt
@@ -272,7 +272,6 @@ struct Console native
 	native static void HideConsole();
 	native static void MidPrint(Font fontname, string textlabel, bool bold = false);
 	native static vararg void Printf(string fmt, ...);
-	native static void DoCommand(String cmd);
 }
 
 struct DamageTypeDefinition native
diff --git a/wadsrc/static/zscript/menu/colorpickermenu.txt b/wadsrc/static/zscript/menu/colorpickermenu.txt
index 93a2399a5..d7ed52057 100644
--- a/wadsrc/static/zscript/menu/colorpickermenu.txt
+++ b/wadsrc/static/zscript/menu/colorpickermenu.txt
@@ -336,7 +336,10 @@ class ColorpickerMenu : OptionMenu
 		if (mStartItem >= 0)
 		{
 			mDesc.mItems.Resize(mStartItem);
-			if (mCVar != null) mCVar.SetInt(Color(int(mRed), int(mGreen), int(mBlue)));
+			if (mCVar != null) 
+			{
+				mCVar.SetInt(Color(int(mRed), int(mGreen), int(mBlue)));
+			}
 			mStartItem = -1;
 		}
 	}
diff --git a/wadsrc/static/zscript/menu/optionmenuitems.txt b/wadsrc/static/zscript/menu/optionmenuitems.txt
index 4796ce4c9..398b20cb2 100644
--- a/wadsrc/static/zscript/menu/optionmenuitems.txt
+++ b/wadsrc/static/zscript/menu/optionmenuitems.txt
@@ -127,8 +127,16 @@ class OptionMenuItemCommand : OptionMenuItemSubmenu
 		return self;
 	}
 
+	private native static void DoCommand(String cmd);	// This is very intentionally limited to this menu item to prevent abuse.
+
 	override bool Activate()
 	{
+		// This needs to perform a few checks to prevent abuse  by malicious modders.
+		let m = Menu.GetCurrentMenu();
+		// don't execute if no menu is active
+		if (m == null) return false;	
+		// don't execute if this item cannot be found in the current menu.
+		if (m.GetItem(mAction) != self) return false;
 		Menu.MenuSound("menu/choose");
 		Console.DoCommand(mAction);
 		return true;
@@ -158,7 +166,7 @@ class OptionMenuItemSafeCommand : OptionMenuItemCommand
 	{
 		if (mkey == Menu.MKEY_MBYes)
 		{
-			Console.DoCommand(mAction);
+			Super.Activate(mKey, fromController);
 			return true;
 		}
 		return Super.MenuEvent(mkey, fromcontroller);