From 9f84eb3c7b18e3a1f6ec6e0f1f3fd181a496e25c Mon Sep 17 00:00:00 2001 From: Pavel Labath Date: Sat, 9 Jul 2011 00:32:22 +0200 Subject: Lua: Make global variables read-only This prevents the user from inadvertently overwriting e.g. the session table and then wondering why it does not work. I'm still not sure about this approach, as it's not 100% secure (the script can still use raw access to mess with it) and it adds some overhead to any operation referencing a global variable. --- src/FbTk/LResource.cc | 6 +++++- src/FbTk/LResourceHelper.lua | 2 +- src/FbTk/LuaUtil.cc | 31 ++++++++++++++----------------- 3 files changed, 20 insertions(+), 19 deletions(-) diff --git a/src/FbTk/LResource.cc b/src/FbTk/LResource.cc index 6671b89..d7627c9 100644 --- a/src/FbTk/LResource.cc +++ b/src/FbTk/LResource.cc @@ -105,9 +105,13 @@ LResourceManager::LResourceManager(const std::string &root, Lua &l) l.checkstack(2); lua::stack_sentry s(l); + l.pushstring(root); + l.getfield(lua::REGISTRYINDEX, make_root); l.pushstring(root); - l.call(1, 0); + l.call(1, 1); + + l.readOnlySet(lua::GLOBALSINDEX); } bool LResourceManager::save(const char *filename, const char *) { diff --git a/src/FbTk/LResourceHelper.lua b/src/FbTk/LResourceHelper.lua index 5171c43..0e61eb6 100644 --- a/src/FbTk/LResourceHelper.lua +++ b/src/FbTk/LResourceHelper.lua @@ -190,7 +190,7 @@ local function make_root(name) __newindex = newindex, __index = index, _magic = cat_magic, _fullname = name, _state = 0 }; - getfenv()[name] = setmetatable({}, t); + return setmetatable({}, t); end; return make_root, register_resource, dump; diff --git a/src/FbTk/LuaUtil.cc b/src/FbTk/LuaUtil.cc index 7c24331..700ef1a 100644 --- a/src/FbTk/LuaUtil.cc +++ b/src/FbTk/LuaUtil.cc @@ -40,7 +40,7 @@ namespace { int newindexDenyModify(lua::state *l) { bool ok = false; - l->getmetatable(-1); { + l->getmetatable(-3); { l->rawgetfield(-1, "__index"); { l->pushvalue(-4); l->rawget(-2); { if(l->isnil(-1)) @@ -49,33 +49,30 @@ namespace { } l->pop(); } l->pop(); - if(ok) { - l->pushvalue(-2); - l->pushvalue(-4); + if(ok) l->rawset(-3); - } else + else newindexDenyWrite(l); return 0; } - void registerNewindexes(Lua &l) { - l.checkstack(1); - lua::stack_sentry s(l); - - l.pushfunction(&newindexDenyWrite); - l.rawsetfield(lua::REGISTRYINDEX, newindexDenyWriteName); - - l.pushfunction(&newindexDenyModify); - l.rawsetfield(lua::REGISTRYINDEX, newindexDenyModifyName); - } - - Lua::RegisterInitFunction register_newindexes(®isterNewindexes); } // anonymous namespace Lua::InitFunctions Lua::s_init_functions; Lua::Lua() { + checkstack(1); + lua::stack_sentry s(*this); + + pushfunction(&newindexDenyWrite); + rawsetfield(lua::REGISTRYINDEX, newindexDenyWriteName); + + pushfunction(&newindexDenyModify); + rawsetfield(lua::REGISTRYINDEX, newindexDenyModifyName); + + makeReadOnly(lua::GLOBALSINDEX, true); + InitFunctions::const_iterator it_end = s_init_functions.end(); for(InitFunctions::const_iterator it = s_init_functions.begin(); it != it_end; ++it) (**it)(*this); -- cgit v0.11.2