Niwla23
/
minetest_modding_book
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add warnings to various book chapters

master
rubenwardy 2018-07-20 20:51:31 +01:00
parent 5614c15b06
commit a3288e2ed9
No known key found for this signature in database
GPG Key ID: A1E29D52FF81513C
6 changed files with 52 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_en/basics/lua.md
View File

@ -71,8 +71,6 @@ One such IDE is Eclipse with the Koneki Lua plugin:
## Coding in Lua ## Coding in Lua
{% include notice.html level="warning" message="This section is a Work in Progress. May be unclear." %}
Programs are a series of commands that run one after another. Programs are a series of commands that run one after another.
We call these commands "statements." We call these commands "statements."

52
_en/players/chat.md
View File

@ -5,6 +5,23 @@ root: ../..
idx: 4.2 idx: 4.2
description: Registering a chatcommand and handling chat messages with register_on_chat_message description: Registering a chatcommand and handling chat messages with register_on_chat_message
redirect_from: /en/chapters/chat.html redirect_from: /en/chapters/chat.html
cmd_online:
level: warning
title: Offline players can run commands
message: <p>A player name is passed instead of a player object, because mods
can run commands on behalf of offline players. For example, the IRC
bridge allows players to run commands without joining the game.</p>
<p>So make sure that you don't assume that the player is online.
You can check by seeing if minetest.get_player_by_name returns a player.</p>
cb_cmdsprivs:
level: warning
title: Privileges and Chat Commands
message: The shout privilege isn't needed for a player to trigger this callback.
This is because chat commands are implemented in Lua, and are just
chat messages that begin with a /.
--- ---
## Introduction ## Introduction
@ -45,20 +62,6 @@ minetest.chat_send_player("player1", "This is a chat message for player1")
This message displays in the same manner as messages to all players, but is This message displays in the same manner as messages to all players, but is
only visible to the named player, in this case player1. only visible to the named player, in this case player1.
### Older Mods
Occasionally you'll see mods where the chat_send_player function includes a
Boolean:
{% highlight lua %}
minetest.chat_send_player("player1", "This is a server message", true)
minetest.chat_send_player("player1", "This is a server message", false)
{% endhighlight %}
The boolean is no longer used, and has no affect
<sup>[[commit]](https://github.com/minetest/minetest/commit/9a3b7715e2c2390a3a549d4e105ed8c18defb228)</sup>.
## Chat Commands ## Chat Commands
To register a chat command, for example /foo, use register_chatcommand: To register a chat command, for example /foo, use register_chatcommand:
@ -96,14 +99,7 @@ return true, "You said " .. param .. "!"
This returns two values, a Boolean which shows the command succeeded This returns two values, a Boolean which shows the command succeeded
and the chat message to send to the player. and the chat message to send to the player.
A player name, instead of a player object, is passed because {% include notice.html notice=page.cmd_online %}
**the player might not actually be in-game, but may be running commands from IRC**.
Due to this, you should not assume `minetest.get_player_by_name`, or any other
function that requires an in-game player, will work in a chat command call back.
`minetest.show_formspec` also won't work when a command is run from IRC, so you
should provide a text only version. For example, the email mod allows both `/inbox`
to show a formspec, and `/inbox text` to send information to chat.
## Complex Subcommands ## Complex Subcommands
@ -162,17 +158,21 @@ By returning false, you allow the chat message to be sent by the default
handler. You can actually remove the line `return false`, and it would still handler. You can actually remove the line `return false`, and it would still
work the same. work the same.
**WARNING: CHAT COMMANDS ARE ALSO INTERCEPTED.** If you only want to catch {% include notice.html notice=page.cb_cmdsprivs %}
player messages, you need to do this:
You should make sure you take into account that it may be a chat command,
or the user may not have `shout`.
{% highlight lua %} {% highlight lua %}
minetest.register_on_chat_message(function(name, message) minetest.register_on_chat_message(function(name, message)
if message:sub(1, 1) == "/" then if message:sub(1, 1) == "/" then
print(name .. " ran chat command") print(name .. " ran chat command")
return false elseif minetest.check_player_privs(name, { shout = true }) then
print(name .. " said " .. message)
else
print(name .. " tried to say " .. message .. " but doesn't have shout")
end end
print(name .. " said " .. message)
return false return false
end) end)
{% endhighlight %} {% endhighlight %}

9
_en/players/formspecs.md
View File

@ -4,6 +4,13 @@ layout: default
root: ../.. root: ../..
idx: 4.5 idx: 4.5
redirect_from: /en/chapters/formspecs.html redirect_from: /en/chapters/formspecs.html
submit_vuln:
level: warning
title: Malicious clients can submit anything at anytime
message: You should never trust a formspec submission. A malicious client
can submit anything they like at any time - even if you never showed
them the formspec. This means that you should check privileges
and make sure that they should be allowed to perform the action.
--- ---
## Introduction ## Introduction
@ -162,6 +169,8 @@ to the function, and exit if it is not the right form; however, some callbacks
may need to work on multiple forms, or all forms - it depends on what you may need to work on multiple forms, or all forms - it depends on what you
want to do. want to do.
{% include notice.html notice=page.submit_vuln %}
### Fields ### Fields
The `fields` parameter to the function is a table, index by string, of the values The `fields` parameter to the function is a table, index by string, of the values

18
_sass/_content.scss
View File

@ -27,10 +27,14 @@ figure {
padding: 0 0 0 6px; padding: 0 0 0 6px;
} }
.notice-info {
background: #ececec !important;
border: 1px solid #aaa !important;
}
.notice-danger { .notice-danger {
background: #933 !important; background: #fcc !important;
border: 1px solid #c44 !important; border: 1px solid #a66 !important;
} }
.notice-warning { .notice-warning {
@ -56,6 +60,14 @@ figure {
position: relative; position: relative;
} }
.notice p {
margin: 0 0 17px 0;
}
.notice p:last-child {
margin: 0;
}
.notice > span { .notice > span {
position: absolute; position: absolute;
top: 0; top: 0;
@ -74,7 +86,7 @@ figure {
.notice h2 { .notice h2 {
margin: 0 0 5px 0; margin: 0 0 5px 0;
padding: 0 0 2px 0; padding: 0 0 2px 0;
font-size: 110%; font-size: 100%;
} }
.header-link, .anchor { .header-link, .anchor {

2
lua_api.html
View File

@ -3,7 +3,7 @@ title: Lua Modding API Reference
layout: default layout: default
root: . root: .
--- ---
<div class='notice'> <div class='notice notice-info'>
<h2>This is lua_api.txt nicely formated: I did not write this</h2> <h2>This is lua_api.txt nicely formated: I did not write this</h2>
This page was last updated 29/March/2018.<br />See <a href="https://github.com/minetest/minetest/blob/master/doc/lua_api.txt">doc/lua_api.txt</a> for the latest version (in plaintext).<br />Generated using <a href="https://github.com/rubenwardy/minetest_modding_book/blob/gh-pages/update_lua_api.py">a Python script</a>.</div> This page was last updated 29/March/2018.<br />See <a href="https://github.com/minetest/minetest/blob/master/doc/lua_api.txt">doc/lua_api.txt</a> for the latest version (in plaintext).<br />Generated using <a href="https://github.com/rubenwardy/minetest_modding_book/blob/gh-pages/update_lua_api.py">a Python script</a>.</div>
<h2 id="table-of-contents">Table of Contents</h2> <h2 id="table-of-contents">Table of Contents</h2>

2
utils/update_lua_api.py
View File

@ -100,7 +100,7 @@ html = str(soup)
print("Writing to file...") print("Writing to file...")
file = open("lua_api.html", "w") file = open("lua_api.html", "w")
file.write("---\ntitle: Lua Modding API Reference\nlayout: default\n---\n") file.write("---\ntitle: Lua Modding API Reference\nlayout: default\n---\n")
file.write("<div class='notice'>\n") file.write("<div class='notice notice-info'>\n")
file.write("<h2>This is lua_api.txt nicely formated: I did not write this</h2>\n") file.write("<h2>This is lua_api.txt nicely formated: I did not write this</h2>\n")
file.write(credit) file.write(credit)
file.write("</div>\n") file.write("</div>\n")