| Lua-Api | How-To | Wiki | Lua-Chat | Lua-Forums | Login | Register |
How To/Restrict lua script access to a base dir (base dir restriction)
Put the following source at the beginning of your source to enable the base dir restriction in lua.
You need LuaFileSystem installed.
You need LuaFileSystem installed.
Code
do
local oldOpen = io.open
io.open = function (filename, mode)
require "lfs"
local currentdir=lfs.currentdir()
-- On Windows, wrong drive
if (string.sub(filename,2,2)==':' and string.sub(filename,1,1)~=string.sub(currentdir,1,1)) then
return nil, "access denied"
end
-- If this is no windows drive location and no *nix root -> append it
if (string.sub(filename,2,2)~=':' and string.sub(filename,1,1)~='/') then
filename=currentdir..[[\]]..filename
end
local strlenbefore=string.len(filename)+1
while ( strlenbefore>string.len(filename) ) do
strlenbefore=string.len(filename)
-- Clean on windows from the ...
filename=string.gsub(filename,[[([^%/]+)%\([^%/]+)%\%.%.]],"%1")
--Clean on linux from the ...
filename=string.gsub(filename,[[([^%/]-)%/%.%.]],"")
end
if (string.sub(filename,1,string.len(currentdir))~=currentdir) then
return nil, "access denied"
end
return oldOpen(filename, mode)
end
end
| Comments | ||
| © 2007 DracoBlue :: Valid XHTML, CSS, RSS Powered by SMF 1.1.5 | SMF © 2006-2008, Simple Machines LLC | SourceNet © 2007, DracoBlue :: Page created in 1.575 seconds with 44 queries. | ||