diff options
| author | Mnikolenko Productengine <mnikolenko@productengine.com> | 2024-05-15 18:50:51 +0300 |
|---|---|---|
| committer | Mnikolenko Productengine <mnikolenko@productengine.com> | 2024-05-15 18:50:51 +0300 |
| commit | 9f540f10e687bb3889de191afbae3b52cc21f415 (patch) | |
| tree | 48f561539193be6993dfd40e853a67b01cdb1812 /indra/newview/lluilistener.cpp | |
| parent | cec3b8d870085925cd0c9fb900b7d5e4629bcbfd (diff) | |
Add trusted flag to UI callbacks, so not everything is accessible from the script
Diffstat (limited to 'indra/newview/lluilistener.cpp')
| -rw-r--r-- | indra/newview/lluilistener.cpp | 32 |
1 files changed, 17 insertions, 15 deletions
diff --git a/indra/newview/lluilistener.cpp b/indra/newview/lluilistener.cpp index 97a2be6aa3..c9e5cf00d6 100644 --- a/indra/newview/lluilistener.cpp +++ b/indra/newview/lluilistener.cpp @@ -59,30 +59,34 @@ LLUIListener::LLUIListener(): void LLUIListener::call(const LLSD& event) const { - LLUICtrl::commit_callback_t* func = - LLUICtrl::CommitCallbackRegistry::getValue(event["function"]); - if (! func) + Response response(LLSD(), event); + LLUICtrl::LLCommitCallbackInfo *info = LLUICtrl::SharedCommitCallbackRegistry::getValue(event["function"]); + if (!info ) { - // This API is intended for use by a script. It's a fire-and-forget - // API: we provide no reply. Therefore, a typo in the script will - // provide no feedback whatsoever to that script. To rub the coder's - // nose in such an error, crump rather than quietly ignoring it. - LL_WARNS("LLUIListener") << "function '" << event["function"] << "' not found" << LL_ENDL; + response.error(STRINGIZE("Function " << std::quoted(event["function"].asString()) << "was not found")); + return; } - else + if (!info->mAllowUntrusted) + { + response.error(STRINGIZE("Function " << std::quoted(event["function"].asString()) << " is not allowed to be called from the script")); + return; + } + LLUICtrl::commit_callback_t func = info->callback_func; + + if (info->callback_func) { // Interestingly, view_listener_t::addMenu() (addCommit(), // addEnable()) constructs a commit_callback_t callable that accepts // two parameters but discards the first. Only the second is passed to // handleEvent(). Therefore we feel completely safe passing NULL for // the first parameter. - (*func)(NULL, event["parameter"]); + (func)(NULL, event["parameter"]); } } void LLUIListener::getValue(const LLSD&event) const { - LLSD reply = LLSD::emptyMap(); + Response response(LLSD(), event); const LLView* root = LLUI::getInstance()->getRootView(); const LLView* view = LLUI::getInstance()->resolvePath(root, event["path"].asString()); @@ -90,12 +94,10 @@ void LLUIListener::getValue(const LLSD&event) const if (ctrl) { - reply["value"] = ctrl->getValue(); + response["value"] = ctrl->getValue(); } else { - // *TODO: ??? return something indicating failure to resolve + response.error(STRINGIZE("UI control " << std::quoted(event["path"].asString()) << " was not found")); } - - sendReply(reply, event); } |