rain-plus/zombiesurvival-evolved
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix deserialize client exploit.

Browse source
This commit is contained in:
JetBoom 2015-04-14 19:47:50 -04:00
parent 783a4d742f
commit f815e39351
1 changed files with 18 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
gamemodes/zombiesurvival/gamemode/sh_serialization.lua
View file

@ -1,11 +1,24 @@
local sandbox_env = {Vector = Vector, Angle = Angle}
function Deserialize(sIn) function Deserialize(sIn)
SRL = nil local out = {}
if #sIn == 0 then return {} end if #sIn == 0 or string.sub(sIn, -1) ~= "}" then return out end
if string.sub(sIn, 1, 4) ~= "SRL=" then sIn = "SRL="..sIn end RunString(sIn) if string.sub(sIn, 1, 4) ~= "SRL=" then sIn = "SRL="..sIn end
return SRL if string.sub(sIn, 5, 5) ~= "{" then return out end
sIn = sIn.." return SRL"
local func = CompileString(sIn, "deserialize", false)
if type(func) == "string" then
print("Deserialization error: "..func)
else
setfenv(func, sandbox_env)
out = func() or out
end
return out
end end
local allowedtypes = {} local allowedtypes = {}