HTTP API: Address security hole (thanks @rubenwardy)
This commit is contained in:
Jean-Patrick Guerrero
parent
e4fdfa60bf
commit
382ff397a5
11
init.lua
11
init.lua
|
|
@ -1,14 +1,13 @@
|
|||
local modpath = core.get_modpath"i3"
|
||||
local http = core.request_http_api()
|
||||
local _loadfile = dofile(modpath .. "/src/operators.lua")
|
||||
|
||||
local function lf(path)
|
||||
return _loadfile(modpath .. path)
|
||||
return assert(_loadfile(modpath .. path))
|
||||
end
|
||||
|
||||
i3 = {
|
||||
modules = {},
|
||||
http = core.request_http_api(),
|
||||
|
||||
MAX_FAVS = 6,
|
||||
INV_SIZE = 4*9,
|
||||
HOTBAR_LEN = 9,
|
||||
|
|
@ -80,7 +79,7 @@ i3 = {
|
|||
}
|
||||
|
||||
i3.files.common()
|
||||
i3.files.api()
|
||||
i3.files.api(http)
|
||||
i3.files.compress()
|
||||
i3.files.groups()
|
||||
i3.files.callbacks()
|
||||
|
|
@ -93,7 +92,7 @@ i3.data = dslz(storage:get_string"data") or {}
|
|||
|
||||
local init_bags = i3.files.bags()
|
||||
local init_detached = i3.files.detached()
|
||||
local fill_caches = i3.files.caches()
|
||||
local fill_caches = i3.files.caches(http)
|
||||
local init_hud = i3.files.hud()
|
||||
|
||||
local function get_lang_code(info)
|
||||
|
|
@ -241,4 +240,4 @@ end
|
|||
--i3.files.tests.tabs()
|
||||
--i3.files.tests.operators()
|
||||
--i3.files.tests.compression()
|
||||
--i3.files.tests.custom_recipes()
|
||||
--i3.files.tests.custom_recipes(http)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
local make_fs = i3.files.gui()
|
||||
local http = ...
|
||||
|
||||
IMPORT("gmatch", "split")
|
||||
IMPORT("S", "err", "fmt", "reg_items")
|
||||
|
|
@ -22,13 +23,7 @@ function i3.register_craft(def)
|
|||
local width, c = 0, 0
|
||||
|
||||
if true_str(def.url) then
|
||||
if not i3.http then
|
||||
return err(fmt([[i3.register_craft(): Unable to reach %s.
|
||||
No HTTP support for this mod: add it to the `secure.http_mods` or
|
||||
`secure.trusted_mods` setting.]], def.url))
|
||||
end
|
||||
|
||||
i3.http.fetch({url = def.url}, function(result)
|
||||
http.fetch({url = def.url}, function(result)
|
||||
if result.succeeded then
|
||||
local t = core.parse_json(result.data)
|
||||
if is_table(t) then
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
local replacements = {fuel = {}}
|
||||
local http = ...
|
||||
|
||||
IMPORT("maxn", "copy", "insert", "sort", "match", "sub")
|
||||
IMPORT("is_group", "extract_groups", "item_has_groups", "groups_to_items")
|
||||
|
|
@ -269,13 +270,13 @@ local function init_recipes()
|
|||
resolve_aliases(_select)
|
||||
sort(i3.init_items)
|
||||
|
||||
if i3.http and true_str(i3.export_url) then
|
||||
if http and true_str(i3.export_url) then
|
||||
local post_data = {
|
||||
recipes = i3.recipes_cache,
|
||||
usages = i3.usages_cache,
|
||||
}
|
||||
|
||||
i3.http.fetch_async {
|
||||
http.fetch_async {
|
||||
url = i3.export_url,
|
||||
post_data = core.write_json(post_data),
|
||||
}
|
||||
|
|
|
|||
Ŝarĝante…
Reference in New Issue