Fix vulnerability by checking privs in formspec callback

This commit is contained in:
rubenwardy 2017-12-04 16:49:17 +00:00 committed by GitHub
parent 701ec1f060
commit 18a803c9a9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -36,6 +36,10 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
if (formname~="privilegeareas:gui_add") then if (formname~="privilegeareas:gui_add") then
return false return false
end end
if not minetest.check_player_privs(player, "privs") then
return false
end
if fields.submit then if fields.submit then
-- Do addition stuff -- Do addition stuff