You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
IMO this should be done by adding core.settings_from_string and Settings:to_string (the names could be different.)
i only slightly object to that proposal, in that it's non-trivial to communicate that that's the proper way to solve the problem. it'd certainly be easy to implement, and dev time is finite.
I had a look at this issue and found that modpack entries are discarded in flattenMods() and game root paths are never added to the list. It might make sense to keep track of those paths separately (mods.cpp).
Currently accessible files: (see ScriptApiSecurity::checkPath)
any file (including mod.conf) from loaded mod's paths (read-only)
any file in the world path but such in worldmods/ or game/
Minetest version
and probably everything since https://github.com/minetest/minetest/blame/master/src/script/lua_api/l_settings.cpp#L348
Summary
a mod w/ access to the insecure environment cannot use
Settings
to read configuration files in insecure paths.Steps to reproduce
minetest.conf:
modpack/modpack.conf
modpack/mod2/init.lua
-- empty
mod/init.lua
The text was updated successfully, but these errors were encountered: