diff options
author | Pavel Labath <pavelo@centrum.sk> | 2011-07-08 22:32:22 (GMT) |
---|---|---|
committer | Paul Tagliamonte <paultag@fluxbox.org> | 2012-04-07 02:11:30 (GMT) |
commit | ca42f1048dc29673af0285eb0d3d0accbdd53edc (patch) | |
tree | 4b9894bbc4ad74761e1395422a7beb164537722f /src/FbTk | |
parent | c9270d14e1bd7db5b73d5a7e23875d0c8428097c (diff) | |
download | fluxbox_paul-ca42f1048dc29673af0285eb0d3d0accbdd53edc.zip fluxbox_paul-ca42f1048dc29673af0285eb0d3d0accbdd53edc.tar.bz2 |
Lua: Make global variables read-only
This prevents the user from inadvertently overwriting e.g. the session table and then wondering
why it does not work. I'm still not sure about this approach, as it's not 100% secure (the script
can still use raw access to mess with it) and it adds some overhead to any operation referencing
a global variable.
Diffstat (limited to 'src/FbTk')
-rw-r--r-- | src/FbTk/LResource.cc | 6 | ||||
-rw-r--r-- | src/FbTk/LResourceHelper.lua | 2 | ||||
-rw-r--r-- | src/FbTk/LuaUtil.cc | 31 |
3 files changed, 20 insertions, 19 deletions
diff --git a/src/FbTk/LResource.cc b/src/FbTk/LResource.cc index 6671b89..d7627c9 100644 --- a/src/FbTk/LResource.cc +++ b/src/FbTk/LResource.cc | |||
@@ -105,9 +105,13 @@ LResourceManager::LResourceManager(const std::string &root, Lua &l) | |||
105 | l.checkstack(2); | 105 | l.checkstack(2); |
106 | lua::stack_sentry s(l); | 106 | lua::stack_sentry s(l); |
107 | 107 | ||
108 | l.pushstring(root); | ||
109 | |||
108 | l.getfield(lua::REGISTRYINDEX, make_root); | 110 | l.getfield(lua::REGISTRYINDEX, make_root); |
109 | l.pushstring(root); | 111 | l.pushstring(root); |
110 | l.call(1, 0); | 112 | l.call(1, 1); |
113 | |||
114 | l.readOnlySet(lua::GLOBALSINDEX); | ||
111 | } | 115 | } |
112 | 116 | ||
113 | bool LResourceManager::save(const char *filename, const char *) { | 117 | bool LResourceManager::save(const char *filename, const char *) { |
diff --git a/src/FbTk/LResourceHelper.lua b/src/FbTk/LResourceHelper.lua index 5171c43..0e61eb6 100644 --- a/src/FbTk/LResourceHelper.lua +++ b/src/FbTk/LResourceHelper.lua | |||
@@ -190,7 +190,7 @@ local function make_root(name) | |||
190 | __newindex = newindex, __index = index, | 190 | __newindex = newindex, __index = index, |
191 | _magic = cat_magic, _fullname = name, _state = 0 | 191 | _magic = cat_magic, _fullname = name, _state = 0 |
192 | }; | 192 | }; |
193 | getfenv()[name] = setmetatable({}, t); | 193 | return setmetatable({}, t); |
194 | end; | 194 | end; |
195 | 195 | ||
196 | return make_root, register_resource, dump; | 196 | return make_root, register_resource, dump; |
diff --git a/src/FbTk/LuaUtil.cc b/src/FbTk/LuaUtil.cc index 7c24331..700ef1a 100644 --- a/src/FbTk/LuaUtil.cc +++ b/src/FbTk/LuaUtil.cc | |||
@@ -40,7 +40,7 @@ namespace { | |||
40 | 40 | ||
41 | int newindexDenyModify(lua::state *l) { | 41 | int newindexDenyModify(lua::state *l) { |
42 | bool ok = false; | 42 | bool ok = false; |
43 | l->getmetatable(-1); { | 43 | l->getmetatable(-3); { |
44 | l->rawgetfield(-1, "__index"); { | 44 | l->rawgetfield(-1, "__index"); { |
45 | l->pushvalue(-4); l->rawget(-2); { | 45 | l->pushvalue(-4); l->rawget(-2); { |
46 | if(l->isnil(-1)) | 46 | if(l->isnil(-1)) |
@@ -49,33 +49,30 @@ namespace { | |||
49 | } l->pop(); | 49 | } l->pop(); |
50 | } l->pop(); | 50 | } l->pop(); |
51 | 51 | ||
52 | if(ok) { | 52 | if(ok) |
53 | l->pushvalue(-2); | ||
54 | l->pushvalue(-4); | ||
55 | l->rawset(-3); | 53 | l->rawset(-3); |
56 | } else | 54 | else |
57 | newindexDenyWrite(l); | 55 | newindexDenyWrite(l); |
58 | 56 | ||
59 | return 0; | 57 | return 0; |
60 | } | 58 | } |
61 | 59 | ||
62 | void registerNewindexes(Lua &l) { | ||
63 | l.checkstack(1); | ||
64 | lua::stack_sentry s(l); | ||
65 | |||
66 | l.pushfunction(&newindexDenyWrite); | ||
67 | l.rawsetfield(lua::REGISTRYINDEX, newindexDenyWriteName); | ||
68 | |||
69 | l.pushfunction(&newindexDenyModify); | ||
70 | l.rawsetfield(lua::REGISTRYINDEX, newindexDenyModifyName); | ||
71 | } | ||
72 | |||
73 | Lua::RegisterInitFunction register_newindexes(®isterNewindexes); | ||
74 | } // anonymous namespace | 60 | } // anonymous namespace |
75 | 61 | ||
76 | Lua::InitFunctions Lua::s_init_functions; | 62 | Lua::InitFunctions Lua::s_init_functions; |
77 | 63 | ||
78 | Lua::Lua() { | 64 | Lua::Lua() { |
65 | checkstack(1); | ||
66 | lua::stack_sentry s(*this); | ||
67 | |||
68 | pushfunction(&newindexDenyWrite); | ||
69 | rawsetfield(lua::REGISTRYINDEX, newindexDenyWriteName); | ||
70 | |||
71 | pushfunction(&newindexDenyModify); | ||
72 | rawsetfield(lua::REGISTRYINDEX, newindexDenyModifyName); | ||
73 | |||
74 | makeReadOnly(lua::GLOBALSINDEX, true); | ||
75 | |||
79 | InitFunctions::const_iterator it_end = s_init_functions.end(); | 76 | InitFunctions::const_iterator it_end = s_init_functions.end(); |
80 | for(InitFunctions::const_iterator it = s_init_functions.begin(); it != it_end; ++it) | 77 | for(InitFunctions::const_iterator it = s_init_functions.begin(); it != it_end; ++it) |
81 | (**it)(*this); | 78 | (**it)(*this); |