From f3ee061f7fb2784b8420c27a76f2569902c601ea Mon Sep 17 00:00:00 2001 From: Mm2PL Date: Sun, 12 Feb 2023 22:46:32 +0100 Subject: [PATCH] Make load() only usable in debug mode --- docs/wip-plugins.md | 1 + src/controllers/plugins/LuaApi.cpp | 5 +++++ src/controllers/plugins/PluginController.cpp | 5 ++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/wip-plugins.md b/docs/wip-plugins.md index a2d1b5b4a..b22e8c821 100644 --- a/docs/wip-plugins.md +++ b/docs/wip-plugins.md @@ -145,6 +145,7 @@ end #### `load(chunk [, chunkname [, mode [, env]]])` +This function is only available if Chatterino is compiled in debug mode. It is meant for debugging with little exception. This function behaves really similarity to Lua's `load`, however it does not allow for bytecode to be executed. It achieves this by forcing all inputs to be encoded with `UTF-8`. diff --git a/src/controllers/plugins/LuaApi.cpp b/src/controllers/plugins/LuaApi.cpp index 979939665..113b3282d 100644 --- a/src/controllers/plugins/LuaApi.cpp +++ b/src/controllers/plugins/LuaApi.cpp @@ -162,6 +162,10 @@ int c2_log(lua_State *L) int g_load(lua_State *L) { +#ifdef NDEBUG + luaL_error(L, "load() is only usable in debug mode"); + return 0; +#else auto countArgs = lua_gettop(L); QByteArray data; if (lua::peek(L, &data, 1)) @@ -199,6 +203,7 @@ int g_load(lua_State *L) lua_call(L, countArgs, LUA_MULTRET); return lua_gettop(L); +#endif } int g_dofile(lua_State *L) diff --git a/src/controllers/plugins/PluginController.cpp b/src/controllers/plugins/PluginController.cpp index c8a0df932..b0002f474 100644 --- a/src/controllers/plugins/PluginController.cpp +++ b/src/controllers/plugins/PluginController.cpp @@ -168,10 +168,13 @@ void PluginController::openLibrariesFor(lua_State *L, lua_pushglobaltable(L); auto gtable = lua_gettop(L); - lua_getfield(L, gtable, "load"); // possibly randomize this name at runtime to prevent some attacks? + +#ifndef NDEBUG + lua_getfield(L, gtable, "load"); lua_setfield(L, LUA_REGISTRYINDEX, "real_load"); +#endif lua_getfield(L, gtable, "dofile"); lua_setfield(L, LUA_REGISTRYINDEX, "real_dofile");