aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPavel Labath <pavelo@centrum.sk>2011-07-08 22:32:22 (GMT)
committerPavel Labath <pavelo@centrum.sk>2011-11-01 09:57:21 (GMT)
commit9f84eb3c7b18e3a1f6ec6e0f1f3fd181a496e25c (patch)
treefb4e896f45eb451d05c64a58b46b490f9a410d36
parentb8a7503a30a06f53e0cfbc602b210bea1b49ec82 (diff)
downloadfluxbox_paul-9f84eb3c7b18e3a1f6ec6e0f1f3fd181a496e25c.zip
fluxbox_paul-9f84eb3c7b18e3a1f6ec6e0f1f3fd181a496e25c.tar.bz2
Lua: Make global variables read-only
This prevents the user from inadvertently overwriting e.g. the session table and then wondering why it does not work. I'm still not sure about this approach, as it's not 100% secure (the script can still use raw access to mess with it) and it adds some overhead to any operation referencing a global variable.
-rw-r--r--src/FbTk/LResource.cc6
-rw-r--r--src/FbTk/LResourceHelper.lua2
-rw-r--r--src/FbTk/LuaUtil.cc31
3 files changed, 20 insertions, 19 deletions
diff --git a/src/FbTk/LResource.cc b/src/FbTk/LResource.cc
index 6671b89..d7627c9 100644
--- a/src/FbTk/LResource.cc
+++ b/src/FbTk/LResource.cc
@@ -105,9 +105,13 @@ LResourceManager::LResourceManager(const std::string &root, Lua &l)
105 l.checkstack(2); 105 l.checkstack(2);
106 lua::stack_sentry s(l); 106 lua::stack_sentry s(l);
107 107
108 l.pushstring(root);
109
108 l.getfield(lua::REGISTRYINDEX, make_root); 110 l.getfield(lua::REGISTRYINDEX, make_root);
109 l.pushstring(root); 111 l.pushstring(root);
110 l.call(1, 0); 112 l.call(1, 1);
113
114 l.readOnlySet(lua::GLOBALSINDEX);
111} 115}
112 116
113bool LResourceManager::save(const char *filename, const char *) { 117bool LResourceManager::save(const char *filename, const char *) {
diff --git a/src/FbTk/LResourceHelper.lua b/src/FbTk/LResourceHelper.lua
index 5171c43..0e61eb6 100644
--- a/src/FbTk/LResourceHelper.lua
+++ b/src/FbTk/LResourceHelper.lua
@@ -190,7 +190,7 @@ local function make_root(name)
190 __newindex = newindex, __index = index, 190 __newindex = newindex, __index = index,
191 _magic = cat_magic, _fullname = name, _state = 0 191 _magic = cat_magic, _fullname = name, _state = 0
192 }; 192 };
193 getfenv()[name] = setmetatable({}, t); 193 return setmetatable({}, t);
194end; 194end;
195 195
196return make_root, register_resource, dump; 196return make_root, register_resource, dump;
diff --git a/src/FbTk/LuaUtil.cc b/src/FbTk/LuaUtil.cc
index 7c24331..700ef1a 100644
--- a/src/FbTk/LuaUtil.cc
+++ b/src/FbTk/LuaUtil.cc
@@ -40,7 +40,7 @@ namespace {
40 40
41 int newindexDenyModify(lua::state *l) { 41 int newindexDenyModify(lua::state *l) {
42 bool ok = false; 42 bool ok = false;
43 l->getmetatable(-1); { 43 l->getmetatable(-3); {
44 l->rawgetfield(-1, "__index"); { 44 l->rawgetfield(-1, "__index"); {
45 l->pushvalue(-4); l->rawget(-2); { 45 l->pushvalue(-4); l->rawget(-2); {
46 if(l->isnil(-1)) 46 if(l->isnil(-1))
@@ -49,33 +49,30 @@ namespace {
49 } l->pop(); 49 } l->pop();
50 } l->pop(); 50 } l->pop();
51 51
52 if(ok) { 52 if(ok)
53 l->pushvalue(-2);
54 l->pushvalue(-4);
55 l->rawset(-3); 53 l->rawset(-3);
56 } else 54 else
57 newindexDenyWrite(l); 55 newindexDenyWrite(l);
58 56
59 return 0; 57 return 0;
60 } 58 }
61 59
62 void registerNewindexes(Lua &l) {
63 l.checkstack(1);
64 lua::stack_sentry s(l);
65
66 l.pushfunction(&newindexDenyWrite);
67 l.rawsetfield(lua::REGISTRYINDEX, newindexDenyWriteName);
68
69 l.pushfunction(&newindexDenyModify);
70 l.rawsetfield(lua::REGISTRYINDEX, newindexDenyModifyName);
71 }
72
73 Lua::RegisterInitFunction register_newindexes(&registerNewindexes);
74} // anonymous namespace 60} // anonymous namespace
75 61
76Lua::InitFunctions Lua::s_init_functions; 62Lua::InitFunctions Lua::s_init_functions;
77 63
78Lua::Lua() { 64Lua::Lua() {
65 checkstack(1);
66 lua::stack_sentry s(*this);
67
68 pushfunction(&newindexDenyWrite);
69 rawsetfield(lua::REGISTRYINDEX, newindexDenyWriteName);
70
71 pushfunction(&newindexDenyModify);
72 rawsetfield(lua::REGISTRYINDEX, newindexDenyModifyName);
73
74 makeReadOnly(lua::GLOBALSINDEX, true);
75
79 InitFunctions::const_iterator it_end = s_init_functions.end(); 76 InitFunctions::const_iterator it_end = s_init_functions.end();
80 for(InitFunctions::const_iterator it = s_init_functions.begin(); it != it_end; ++it) 77 for(InitFunctions::const_iterator it = s_init_functions.begin(); it != it_end; ++it)
81 (**it)(*this); 78 (**it)(*this);