[no squash] Remove insecure environment from async and emerge environment #14370
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes #13092 (comment)
since this affects the async environment too
we should create a security advisory(done)this situation does not have an obvious fix:
At the time
register_mapgen_script
is called the engine trusts the mod name. But this isn't safe because mods can (intentionally or unintentionally) call into each other's code.register_mapgen_script
to the top level (likerequest_insecure_environment
) would be inconvenientget_current_modname
would use this because it needs to stay working)request_insecure_environment
)So I chose to just remove the feature.
To do
This PR is Ready for Review.
How to test
request_insecure_environment
still works