diff options
Diffstat (limited to 'mesecons_luacontroller')
| -rw-r--r-- | mesecons_luacontroller/init.lua | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/mesecons_luacontroller/init.lua b/mesecons_luacontroller/init.lua index 7d76b26..d874fdf 100644 --- a/mesecons_luacontroller/init.lua +++ b/mesecons_luacontroller/init.lua @@ -273,9 +273,25 @@ end local function get_digiline_send(pos) if not digiline then return end return function(channel, msg) + -- Make sure channel is string, number or boolean + if (type(channel) ~= "string" and type(channel) ~= "number" and type(channel) ~= "boolean") then + return false + end + + -- It is technically possible to send functions over the wire since + -- the high performance impact of stripping those from the data has + -- been decided to not be worth the added realism. + -- Make sure serialized version of the data is not insanely long to + -- prevent DoS-like attacks + local msg_ser = minetest.serialize(msg) + if #msg_ser > mesecon.setting("luacontroller_digiline_maxlen", 50000) then + return false + end + minetest.after(0, function() digiline:receptor_send(pos, digiline.rules.default, channel, msg) end) + return true end end @@ -284,6 +300,7 @@ local safe_globals = { "assert", "error", "ipairs", "next", "pairs", "select", "tonumber", "tostring", "type", "unpack", "_VERSION" } + local function create_environment(pos, mem, event) -- Gather variables for the environment local vports = minetest.registered_nodes[minetest.get_node(pos).name].virtual_portstates |