From f465571aedce23506b36d0da79cb1e8e53c029aa Mon Sep 17 00:00:00 2001 From: Pavel Labath Date: Sat, 9 Jul 2011 00:32:22 +0200 Subject: Lua: Make global variables read-only This prevents the user from inadvertently overwriting e.g. the session table and then wondering why it does not work. I'm still not sure about this approach, as it's not 100% secure (the script can still use raw access to mess with it) and it adds some overhead to any operation referencing a global variable. --- src/FbTk/LResource.cc | 6 +++++- src/FbTk/LResourceHelper.lua | 2 +- src/FbTk/LuaUtil.cc | 31 ++++++++++++++----------------- 3 files changed, 20 insertions(+), 19 deletions(-) diff --git a/src/FbTk/LResource.cc b/src/FbTk/LResource.cc index 6671b89..d7627c9 100644 --- a/src/FbTk/LResource.cc +++ b/src/FbTk/LResource.cc @@ -105,9 +105,13 @@ LResourceManager::LResourceManager(const std::string &root, Lua &l) l.checkstack(2); lua::stack_sentry s(l); + l.pushstring(root); + l.getfield(lua::REGISTRYINDEX, make_root); l.pushstring(root); - l.call(1, 0); + l.call(1, 1); + + l.readOnlySet(lua::GLOBALSINDEX); } bool LResourceManager::save(const char *filename, const char *) { diff --git a/src/FbTk/LResourceHelper.lua b/src/FbTk/LResourceHelper.lua index 5171c43..0e61eb6 100644 --- a/src/FbTk/LResourceHelper.lua +++ b/src/FbTk/LResourceHelper.lua @@ -190,7 +190,7 @@ local function make_root(name) __newindex = newindex, __index = index, _magic = cat_magic, _fullname = name, _state = 0 }; - getfenv()[name] = setmetatable({}, t); + return setmetatable({}, t); end; return make_root, register_resource, dump; diff --git a/src/FbTk/LuaUtil.cc b/src/FbTk/LuaUtil.cc index 7c24331..700ef1a 100644 --- a/src/FbTk/LuaUtil.cc +++ b/src/FbTk/LuaUtil.cc @@ -40,7 +40,7 @@ namespace { int newindexDenyModify(lua::state *l) { bool ok = false; - l->getmetatable(-1); { + l->getmetatable(-3); { l->rawgetfield(-1, "__index"); { l->pushvalue(-4); l->rawget(-2); { if(l->isnil(-1)) @@ -49,33 +49,30 @@ namespace { } l->pop(); } l->pop(); - if(ok) { - l->pushvalue(-2); - l->pushvalue(-4); + if(ok) l->rawset(-3); - } else + else newindexDenyWrite(l); return 0; } - void registerNewindexes(Lua &l) { - l.checkstack(1); - lua::stack_sentry s(l); - - l.pushfunction(&newindexDenyWrite); - l.rawsetfield(lua::REGISTRYINDEX, newindexDenyWriteName); - - l.pushfunction(&newindexDenyModify); - l.rawsetfield(lua::REGISTRYINDEX, newindexDenyModifyName); - } - - Lua::RegisterInitFunction register_newindexes(®isterNewindexes); } // anonymous namespace Lua::InitFunctions Lua::s_init_functions; Lua::Lua() { + checkstack(1); + lua::stack_sentry s(*this); + + pushfunction(&newindexDenyWrite); + rawsetfield(lua::REGISTRYINDEX, newindexDenyWriteName); + + pushfunction(&newindexDenyModify); + rawsetfield(lua::REGISTRYINDEX, newindexDenyModifyName); + + makeReadOnly(lua::GLOBALSINDEX, true); + InitFunctions::const_iterator it_end = s_init_functions.end(); for(InitFunctions::const_iterator it = s_init_functions.begin(); it != it_end; ++it) (**it)(*this); -- cgit v0.11.2