diff options
author | Pavel Labath <pavelo@centrum.sk> | 2011-07-08 22:32:22 (GMT) |
---|---|---|
committer | Pavel Labath <pavelo@centrum.sk> | 2011-07-08 22:32:22 (GMT) |
commit | f465571aedce23506b36d0da79cb1e8e53c029aa (patch) | |
tree | 4feb6f46023205cf5cf948fe472de4e05d30bf40 /src/FbTk/LuaUtil.cc | |
parent | 79bbb94d411dcef966403e2f33710fdb3aa2b528 (diff) | |
download | fluxbox_pavel-f465571aedce23506b36d0da79cb1e8e53c029aa.zip fluxbox_pavel-f465571aedce23506b36d0da79cb1e8e53c029aa.tar.bz2 |
Lua: Make global variables read-only
This prevents the user from inadvertently overwriting e.g. the session table and then wondering
why it does not work. I'm still not sure about this approach, as it's not 100% secure (the script
can still use raw access to mess with it) and it adds some overhead to any operation referencing
a global variable.
Diffstat (limited to 'src/FbTk/LuaUtil.cc')
-rw-r--r-- | src/FbTk/LuaUtil.cc | 31 |
1 files changed, 14 insertions, 17 deletions
diff --git a/src/FbTk/LuaUtil.cc b/src/FbTk/LuaUtil.cc index 7c24331..700ef1a 100644 --- a/src/FbTk/LuaUtil.cc +++ b/src/FbTk/LuaUtil.cc | |||
@@ -40,7 +40,7 @@ namespace { | |||
40 | 40 | ||
41 | int newindexDenyModify(lua::state *l) { | 41 | int newindexDenyModify(lua::state *l) { |
42 | bool ok = false; | 42 | bool ok = false; |
43 | l->getmetatable(-1); { | 43 | l->getmetatable(-3); { |
44 | l->rawgetfield(-1, "__index"); { | 44 | l->rawgetfield(-1, "__index"); { |
45 | l->pushvalue(-4); l->rawget(-2); { | 45 | l->pushvalue(-4); l->rawget(-2); { |
46 | if(l->isnil(-1)) | 46 | if(l->isnil(-1)) |
@@ -49,33 +49,30 @@ namespace { | |||
49 | } l->pop(); | 49 | } l->pop(); |
50 | } l->pop(); | 50 | } l->pop(); |
51 | 51 | ||
52 | if(ok) { | 52 | if(ok) |
53 | l->pushvalue(-2); | ||
54 | l->pushvalue(-4); | ||
55 | l->rawset(-3); | 53 | l->rawset(-3); |
56 | } else | 54 | else |
57 | newindexDenyWrite(l); | 55 | newindexDenyWrite(l); |
58 | 56 | ||
59 | return 0; | 57 | return 0; |
60 | } | 58 | } |
61 | 59 | ||
62 | void registerNewindexes(Lua &l) { | ||
63 | l.checkstack(1); | ||
64 | lua::stack_sentry s(l); | ||
65 | |||
66 | l.pushfunction(&newindexDenyWrite); | ||
67 | l.rawsetfield(lua::REGISTRYINDEX, newindexDenyWriteName); | ||
68 | |||
69 | l.pushfunction(&newindexDenyModify); | ||
70 | l.rawsetfield(lua::REGISTRYINDEX, newindexDenyModifyName); | ||
71 | } | ||
72 | |||
73 | Lua::RegisterInitFunction register_newindexes(®isterNewindexes); | ||
74 | } // anonymous namespace | 60 | } // anonymous namespace |
75 | 61 | ||
76 | Lua::InitFunctions Lua::s_init_functions; | 62 | Lua::InitFunctions Lua::s_init_functions; |
77 | 63 | ||
78 | Lua::Lua() { | 64 | Lua::Lua() { |
65 | checkstack(1); | ||
66 | lua::stack_sentry s(*this); | ||
67 | |||
68 | pushfunction(&newindexDenyWrite); | ||
69 | rawsetfield(lua::REGISTRYINDEX, newindexDenyWriteName); | ||
70 | |||
71 | pushfunction(&newindexDenyModify); | ||
72 | rawsetfield(lua::REGISTRYINDEX, newindexDenyModifyName); | ||
73 | |||
74 | makeReadOnly(lua::GLOBALSINDEX, true); | ||
75 | |||
79 | InitFunctions::const_iterator it_end = s_init_functions.end(); | 76 | InitFunctions::const_iterator it_end = s_init_functions.end(); |
80 | for(InitFunctions::const_iterator it = s_init_functions.begin(); it != it_end; ++it) | 77 | for(InitFunctions::const_iterator it = s_init_functions.begin(); it != it_end; ++it) |
81 | (**it)(*this); | 78 | (**it)(*this); |