Fix vulnerability by checking privs in formspec callback
This commit is contained in:
parent
701ec1f060
commit
18a803c9a9
4
gui.lua
4
gui.lua
@ -36,6 +36,10 @@ minetest.register_on_player_receive_fields(function(player, formname, fields)
|
|||||||
if (formname~="privilegeareas:gui_add") then
|
if (formname~="privilegeareas:gui_add") then
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if not minetest.check_player_privs(player, "privs") then
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
if fields.submit then
|
if fields.submit then
|
||||||
-- Do addition stuff
|
-- Do addition stuff
|
||||||
|
Loading…
x
Reference in New Issue
Block a user