just always temp files to be created
Implication: os.rename now needs to be sandboxed. Hopefully it's tractable to treat it as conceptually identical to opening two files.
This commit is contained in:
parent
2d393bfb80
commit
2b47f76308
|
@ -44,7 +44,7 @@ function temporary_filename_in_same_volume(filename)
|
||||||
-- so that a future rename works
|
-- so that a future rename works
|
||||||
local i = 1
|
local i = 1
|
||||||
while true do
|
while true do
|
||||||
temporary_filename = 'teliva_temp_'..filename..'_'..i
|
temporary_filename = 'teliva_tmp_'..filename..'_'..i
|
||||||
if io.open(temporary_filename) == nil then
|
if io.open(temporary_filename) == nil then
|
||||||
-- file doesn't exist yet; create a placeholder and return it
|
-- file doesn't exist yet; create a placeholder and return it
|
||||||
local handle = io.open(temporary_filename, 'w')
|
local handle = io.open(temporary_filename, 'w')
|
||||||
|
|
|
@ -167,10 +167,6 @@ static int is_separator(int c) {
|
||||||
return c == '\0' || isspace(c) || strchr(",.()+-/*=~%[];",c) != NULL;
|
return c == '\0' || isspace(c) || strchr(",.()+-/*=~%[];",c) != NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int starts_with(const char* s, const char* prefix) {
|
|
||||||
return strncmp(prefix, s, strlen(prefix)) == 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Return true if the specified row last char is part of a multi line comment
|
/* Return true if the specified row last char is part of a multi line comment
|
||||||
* that starts at this row or at one before, and does not end at the end
|
* that starts at this row or at one before, and does not end at the end
|
||||||
* of the row but spawns to the next row. */
|
* of the row but spawns to the next row. */
|
||||||
|
|
|
@ -132,7 +132,9 @@ static int io_open (lua_State *L) {
|
||||||
snprintf(buffer, 1020, "io.open(\"%s\", \"%s\")", filename, mode);
|
snprintf(buffer, 1020, "io.open(\"%s\", \"%s\")", filename, mode);
|
||||||
append_to_audit_log(L, buffer);
|
append_to_audit_log(L, buffer);
|
||||||
FILE **pf = newfile(L);
|
FILE **pf = newfile(L);
|
||||||
if (file_operation_permitted(filename, mode))
|
if (file_operation_permitted(filename, mode)
|
||||||
|
/* filenames starting with teliva_tmp_ are always ok */
|
||||||
|
|| starts_with(filename, "teliva_tmp_"))
|
||||||
*pf = fopen(filename, mode);
|
*pf = fopen(filename, mode);
|
||||||
else {
|
else {
|
||||||
snprintf(iolib_errbuf, 1024, "app tried to open file '%s'; adjust its permissions (ctrl-p) if that is expected", filename);
|
snprintf(iolib_errbuf, 1024, "app tried to open file '%s'; adjust its permissions (ctrl-p) if that is expected", filename);
|
||||||
|
|
15
src/loslib.c
15
src/loslib.c
|
@ -18,6 +18,7 @@
|
||||||
|
|
||||||
#include "lauxlib.h"
|
#include "lauxlib.h"
|
||||||
#include "lualib.h"
|
#include "lualib.h"
|
||||||
|
#include "teliva.h"
|
||||||
|
|
||||||
|
|
||||||
static int os_pushresult (lua_State *L, int i, const char *filename) {
|
static int os_pushresult (lua_State *L, int i, const char *filename) {
|
||||||
|
@ -41,9 +42,23 @@ static int os_remove (lua_State *L) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static char oslib_errbuf[1024] = {0};
|
||||||
static int os_rename (lua_State *L) {
|
static int os_rename (lua_State *L) {
|
||||||
const char *fromname = luaL_checkstring(L, 1);
|
const char *fromname = luaL_checkstring(L, 1);
|
||||||
const char *toname = luaL_checkstring(L, 2);
|
const char *toname = luaL_checkstring(L, 2);
|
||||||
|
/* A rename is like reading from one file and writing to another file. */
|
||||||
|
if (!file_operation_permitted(fromname, "r")
|
||||||
|
&& !starts_with(fromname, "teliva_tmp_")) {
|
||||||
|
snprintf(oslib_errbuf, 1024, "app tried to open file '%s' for reading; adjust its permissions (ctrl-p) if that is expected", fromname);
|
||||||
|
Previous_message = oslib_errbuf;
|
||||||
|
return os_pushresult(L, 0, fromname);
|
||||||
|
}
|
||||||
|
if (!file_operation_permitted(toname, "w")
|
||||||
|
&& !starts_with(fromname, "teliva_tmp_")) {
|
||||||
|
snprintf(oslib_errbuf, 1024, "app tried to open file '%s' for writing; adjust its permissions (ctrl-p) if that is expected", toname);
|
||||||
|
Previous_message = oslib_errbuf;
|
||||||
|
return os_pushresult(L, 0, toname);
|
||||||
|
}
|
||||||
return os_pushresult(L, rename(fromname, toname) == 0, fromname);
|
return os_pushresult(L, rename(fromname, toname) == 0, fromname);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -16,6 +16,10 @@
|
||||||
#include "teliva.h"
|
#include "teliva.h"
|
||||||
#include "tlv.h"
|
#include "tlv.h"
|
||||||
|
|
||||||
|
int starts_with(const char* s, const char* prefix) {
|
||||||
|
return strncmp(s, prefix, strlen(prefix)) == 0;
|
||||||
|
}
|
||||||
|
|
||||||
/*** Standard UI elements */
|
/*** Standard UI elements */
|
||||||
|
|
||||||
int menu_column = 0;
|
int menu_column = 0;
|
||||||
|
@ -361,10 +365,6 @@ static void clear_caller(lua_State* L) {
|
||||||
assert(lua_gettop(L) == oldtop);
|
assert(lua_gettop(L) == oldtop);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int starts_with(const char* s, const char* pre) {
|
|
||||||
return strncmp(pre, s, strlen(pre)) == 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* return true if submitted */
|
/* return true if submitted */
|
||||||
static int edit_current_definition(lua_State* L);
|
static int edit_current_definition(lua_State* L);
|
||||||
static void recent_changes_view(lua_State* L);
|
static void recent_changes_view(lua_State* L);
|
||||||
|
|
|
@ -190,4 +190,7 @@ extern int report_in_developer_mode(lua_State* L, int status);
|
||||||
|
|
||||||
extern void render_previous_error(void);
|
extern void render_previous_error(void);
|
||||||
|
|
||||||
|
/* Misc */
|
||||||
|
extern int starts_with(const char* s, const char* prefix);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
Loading…
Reference in New Issue