LuaBlock: store md5 checksums
This avoids changing the LuaBlock code by setting its metadata.
This commit is contained in:
parent
8cac3f8f70
commit
180167110f
3
.gitmodules
vendored
Normal file
3
.gitmodules
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
[submodule "moremesecons_luablock/md5_lua"]
|
||||
path = moremesecons_luablock/md5_lua
|
||||
url = https://github.com/kikito/md5.lua.git
|
@ -1 +1,2 @@
|
||||
mesecons
|
||||
moremesecons_utils
|
||||
|
@ -1,3 +1,39 @@
|
||||
local hash_table
|
||||
local md5
|
||||
local storage
|
||||
if minetest.get_mod_storage then
|
||||
md5 = dofile(minetest.get_modpath(minetest.get_current_modname()).."/md5_lua/md5.lua")
|
||||
storage = minetest.get_mod_storage()
|
||||
hash_table = minetest.deserialize(storage:get_string("hash_table")) or {}
|
||||
else
|
||||
minetest.log("warning", "[moremesecons_luablock] Your version of Minetest does not provide a mod storage API. The mod storage allows moremesecons_luablock to store md5 checksums, which avoids some potential security breaches.")
|
||||
end
|
||||
|
||||
local function set_md5(pos, code)
|
||||
if not hash_table then
|
||||
return
|
||||
end
|
||||
vector.set_data_to_pos(hash_table, pos.z,pos.y,pos.x, md5.sum(code))
|
||||
storage:set_string("hash_table", minetest.serialize(hash_table))
|
||||
end
|
||||
|
||||
local function check_md5(pos, code)
|
||||
if not hash_table then
|
||||
return true
|
||||
end
|
||||
local stored_sum = vector.get_data_from_pos(hash_table, pos.z,pos.y,pos.x)
|
||||
if not stored_sum then
|
||||
-- Legacy
|
||||
set_md5(pos, code)
|
||||
return true
|
||||
end
|
||||
if md5.sum(code) ~= stored_sum then
|
||||
return false
|
||||
end
|
||||
return true
|
||||
end
|
||||
|
||||
|
||||
local function make_formspec(meta, pos)
|
||||
local code = meta:get_string("code")
|
||||
local errmsg = minetest.formspec_escape(meta:get_string("errmsg"))
|
||||
@ -74,6 +110,7 @@ minetest.register_node("moremesecons_luablock:luablock", {
|
||||
end
|
||||
|
||||
meta:set_string("code", fields.code)
|
||||
set_md5(pos, fields.code)
|
||||
make_formspec(meta, pos)
|
||||
end,
|
||||
can_dig = function(pos, player)
|
||||
@ -87,6 +124,10 @@ minetest.register_node("moremesecons_luablock:luablock", {
|
||||
if code == "" then
|
||||
return
|
||||
end
|
||||
if not check_md5(npos, code) then
|
||||
minetest.log("warning", "[moremesecons_luablock] Code of LuaBlock at pos "..minetest.pos_to_string(npos).." does not match with its md5 checksum!")
|
||||
return
|
||||
end
|
||||
-- We do absolutely no check there.
|
||||
-- There is no limitation in the number of instruction the LuaBlock can execute
|
||||
-- or the usage it can make of loops.
|
||||
|
1
moremesecons_luablock/md5_lua
Submodule
1
moremesecons_luablock/md5_lua
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit e8cd75ce397da6dd75ddb37cb07eb31663743223
|
Loading…
x
Reference in New Issue
Block a user