Lua: Make global variables read-only

This prevents the user from inadvertently overwriting e.g. the session table and then wondering
why it does not work. I'm still not sure about this approach, as it's not 100% secure (the script
can still use raw access to mess with it) and it adds some overhead to any operation referencing
a global variable.

3 files changed, 20 insertions, 19 deletions

diff --git a/src/FbTk/LResource.cc b/src/FbTk/LResource.cc
index 6671b89..d7627c9 100644
--- a/src/FbTk/LResource.cc
+++ b/src/FbTk/LResource.cc
@@ -105,9 +105,13 @@ LResourceManager::LResourceManager(const std::string &root, Lua &l)
     l.checkstack(2);
     lua::stack_sentry s(l);
 
+    l.pushstring(root);
+
     l.getfield(lua::REGISTRYINDEX, make_root);
     l.pushstring(root);
-    l.call(1, 0);
+    l.call(1, 1);
+
+    l.readOnlySet(lua::GLOBALSINDEX);
 }
 
 bool LResourceManager::save(const char *filename, const char *) {
diff --git a/src/FbTk/LResourceHelper.lua b/src/FbTk/LResourceHelper.lua
index 5171c43..0e61eb6 100644
--- a/src/FbTk/LResourceHelper.lua
+++ b/src/FbTk/LResourceHelper.lua
@@ -190,7 +190,7 @@ local function make_root(name)
         __newindex = newindex, __index = index,
         _magic = cat_magic, _fullname = name, _state = 0
     };
-    getfenv()[name] = setmetatable({}, t);
+    return setmetatable({}, t);
 end;
 
 return make_root, register_resource, dump;
diff --git a/src/FbTk/LuaUtil.cc b/src/FbTk/LuaUtil.cc
index 7c24331..700ef1a 100644
--- a/src/FbTk/LuaUtil.cc
+++ b/src/FbTk/LuaUtil.cc
@@ -40,7 +40,7 @@ namespace {
 
     int newindexDenyModify(lua::state *l) {
         bool ok = false;
-        l->getmetatable(-1); {
+        l->getmetatable(-3); {
             l->rawgetfield(-1, "__index"); {
                 l->pushvalue(-4); l->rawget(-2); {
                     if(l->isnil(-1))
@@ -49,33 +49,30 @@ namespace {
             } l->pop();
         } l->pop();
 
-        if(ok) {
-            l->pushvalue(-2);
-            l->pushvalue(-4);
+        if(ok)
             l->rawset(-3);
-        } else 
+        else 
             newindexDenyWrite(l);
 
         return 0;
     }
 
-    void registerNewindexes(Lua &l) {
-        l.checkstack(1);
-        lua::stack_sentry s(l);
-
-        l.pushfunction(&newindexDenyWrite);
-        l.rawsetfield(lua::REGISTRYINDEX, newindexDenyWriteName);
-
-        l.pushfunction(&newindexDenyModify);
-        l.rawsetfield(lua::REGISTRYINDEX, newindexDenyModifyName);
-    }
-
-    Lua::RegisterInitFunction register_newindexes(&registerNewindexes);
 } // anonymous namespace
 
 Lua::InitFunctions Lua::s_init_functions;
 
 Lua::Lua() {
+    checkstack(1);
+    lua::stack_sentry s(*this);
+
+    pushfunction(&newindexDenyWrite);
+    rawsetfield(lua::REGISTRYINDEX, newindexDenyWriteName);
+
+    pushfunction(&newindexDenyModify);
+    rawsetfield(lua::REGISTRYINDEX, newindexDenyModifyName);
+
+    makeReadOnly(lua::GLOBALSINDEX, true);
+
     InitFunctions::const_iterator it_end = s_init_functions.end();
     for(InitFunctions::const_iterator it = s_init_functions.begin(); it != it_end; ++it)
         (**it)(*this);