Commit Graph

8591 Commits

Author SHA1 Message Date
Jozef Behran
33afe1fb56 Fix randomly rejected form field submits (#8091)
If a formspec is submitted from a form fields handling
callback of another form (or "formspec shown from another
formspec"), the fields submitted for it can get
rejected by the form exploit mitigation subsystem with a
message like "'zorman2000' submitted formspec
('formspec_error:form2') but server hasn't sent formspec to
client, possible exploitation attempt" being sent to logs.
This was already reported as #7374 and a change was made
that fixed the simple testcase included with that bug
report but the bug still kept lurking around and popping
out in more complicated scenarios like the advtrains TSS
route programming UI.

Deep investigation of the problem revealed that this
sequence of events is entirely possible and leads to the
bug:

  1. Server: show form1
  2. Client *shows form1*
  3. Client: submits form1
  4. Server: show form2
  5. Client: says form1 closed
  6. Client *shows form2*
  7. Client: submits form2

What happens inside the code is that when the server in
step 4 sends form2, the registry of opened forms is
updated to reflect the fact that form2 is now the valid
form for the client to submit. Then when in step 5 client
says "form1 was closed", the exploit mitigation subsystem
code deletes the registry entry for the client without
bothering to check whether the form client says was
closed just now is indeed the form that is recorded in
that entry as the valid form. Then later, in step 7 the
client tries to submit its valid form fields, these will
be rejected because the entry is missing.

It turns out the procedure where the broken code resides
already gets the form name so a simple "if" around the
offending piece of code fixes the whole thing. And
advtrains TSS agrees with that.
2019-01-21 09:53:09 +01:00
Wuzzy
df6670b28a Make advanced settings noiseparams strings translatable (#8062)
Various minor language improvements in settingtypes.txt.
2019-01-20 18:49:17 +00:00
srifqi
9512c2986e Advanced settings noiseparams: No tailing comma for empty flags
Previously, when editing noiseparams and disabling all the noise
flags, the noiseparam is displyed in advanced settings with a
tailing comma.
2019-01-19 18:37:19 +00:00
SmallJoker
80b9015939 Advanced settings noiseparams: Remove '}' left in .conf
Previously, when editing noiseparams then restoring them to the default,
the final '}' was not removed from minetest.conf.
2019-01-19 18:31:41 +00:00
Paul Ouellette
11b550e024 Remove incorrect feature flag (#8086)
And document the versions that introduced the features.
2019-01-19 15:17:05 +01:00
Jozef Behran
6e37fdc21d Optimize subgames search a little bit (#8096)
Reserve space for the list of games in findWorldSubgame. The
performance gain is pretty much negligible but this change
also gets rid of a performance warning by CLANG TIDY.
2019-01-18 10:47:50 +01:00
Paul Ouellette
3fce27ece5 Fix some misspellings (#8104) 2019-01-16 13:39:13 +01:00
SmallJoker
ed1415f78d
world.mt: Only accept true/false/nil values (#8055)
This patch will make distinguishable mods in modpacks possible in the future
`nil` checks are required to provide backwards-compatibility for fresh configured worlds
2019-01-13 16:22:32 +01:00
Jozef Behran
a51909bb64 Speed up the craft definition handling (#8097)
The craft definition handling code that collects the names of
the craftable nodes suffers from vector reallocation
performance hits, slowing down instances with lots of
crafting recipes (VanessaE's DreamBuilder and most public
server some to my mind when thinking about this). As in each
instance the size of the resulting vector is already known,
add a reserve() call before the offending loops to allocate
the needed chunk of memory within the result vector in one
go, getting rid of the overhead.
2019-01-13 15:11:47 +01:00
Jozef Behran
5a00b11895 Optimize path finalization in pathfinder (#8100)
The pathfinder needs quite a bunch of items to add to the
resulting list. It turns out the amount of the space needed
for the finalized path is known in advance so preallocate it
to avoid a burst of reallocation calls each time something
needs to look for a path.
2019-01-12 16:57:26 +01:00
Jozef Behran
03cc93f489 Fix fake LINT check success (#8092)
The code 'if [ -z ${something} ]; then ... fi' means "if
${something} is an empty string, yell at the command line
about 'binary operator expected' and ignore the body of the
if statement, if ${something} is not an empty string,
the condition is false so ignore the body of the if
statement" which clearly isn't what the author wanted. Fix
it by adding a few quotes around the offending ${something}.
2019-01-12 16:15:42 +01:00
Paul Ouellette
a18c310adb Make sqlite3 the default auth backend (#8085) 2019-01-10 07:54:20 +01:00
Loic Blot
f4099192e3
Import strstr function from FreeBSD 11 libc 2019-01-10 00:17:08 +01:00
Loïc Blot
0acdf93683 Android build fixes
This fixes #8079
2019-01-09 14:39:43 +01:00
rubenwardy
4b04268304 pkgmgr: Fix games list not being updated after game install
Fixes #8074
2019-01-09 13:14:33 +00:00
Paramat
630c0ea997
Settingtypes.txt: Rewrite documentation of 'num_emerge_threads' (#8066) 2019-01-09 08:00:50 +00:00
Loïc Blot
95d4ff6d1b
Fix a crash on Android with Align2Npot2 (#8070)
* Fix a crash on Android with Align2Npot2

glGetString can be NULL. If stored in a string it triggers a SIGSEGV.
Instead do a basic strstr and verify the pointer
* Better Align2Npot2 check (+ performance)
2019-01-07 17:05:18 +01:00
DS
07c1c72aae Fix wrong code comment (#8061)
"Get core.registered_on_chat_messages" to "Get core.registered_on_player_receive_fields" where `core.registered_on_player_receive_fields` is gotten
2019-01-06 17:21:04 +01:00
rubenwardy
6169ecaa4a Content store: Disable more details dialog for now (#8060)
* Content store: Disable more details dialog for now
2019-01-06 16:54:22 +01:00
rubenwardy
f5de187b6c Content store: Fix update button not working 2019-01-06 13:18:40 +00:00
SmallJoker
a122ba0ef4 Fix various bugs (Anticheat, Lua helpers) (#8013)
* Fix various bugs (Anticheat, Lua helpers)

Anticheat: Use camera position instead of player position for shoot line calculations
Lua helpers: Increase 'i' to not overwrite earlier added table values

* Remove lag compensation

* * 1.5 for larger selection boxes
2019-01-06 10:24:44 +01:00
rubenwardy
70bf3439ab Deprecate modpack.txt and use modpack.conf instead (#7892)
* Deprecate modpack.txt and use modpack.conf instead
2019-01-06 10:23:35 +01:00
Translations
3a9fe2bd5b
Run updatepo.sh 2019-01-06 09:33:11 +01:00
Translations
893b5d50c2
Update translations from Weblate 2019-01-06 09:32:00 +01:00
Loïc Blot
9854340c0b Drop libgmp on Android and use mini-gmp (#8047) 2019-01-04 16:45:37 +01:00
Loïc Blot
6b978f88e3 Bump android version code for next Play Store version 2019-01-04 14:16:45 +01:00
Loïc Blot
022b1eca0b
Make sqlite3 default auth & player backends for new worlds (#8043)
* Make sqlite3 default auth & player backends for new worlds

Also notify about auth backend depreciation
2019-01-04 12:55:07 +01:00
Loïc Blot
4a7c97c5f6 Fix on_successful_save -> onSuccessfulSave 2019-01-04 11:33:04 +01:00
Loïc Blot
c1d7dbfc38 Fix various player save issues (performance penalty on sql backends + bugs)
* PostgreSQL & SQLite3 doesn't setModified(false) on RemotePlayer, then player is saved on each server save call. This results in heavy useless writes.
* PostgreSQL & SQLite3 ack engine meta write whereas db commit hasn't been performed. If commit failed write has failed. We mustn't notify engine write is done.
* serializing player meta must not setModified(false) because it didn't ensure write has been done
* add RemotePlayer::on_successfull_save callback to do the flag update on a successful save
2019-01-04 10:20:04 +01:00
Loïc Blot
0717719073 Player file directory must be only created when using file backend.
Also ensure on each player save that the directory exists
2019-01-04 10:06:46 +01:00
sofar
cf224c9d6b Remove remote media compatibility mode. (#8044)
The fallback code shouldn't be needed and is a remnant of the GET
method that old media servers use. Clients using it are likely
to just waste bandwidth and having to download the media again
through the normal transfer from server method. The most reliable
method is to get all missing textures therefore from the server
directly and not spam the remote media server with 404s.
2019-01-04 00:26:08 +01:00
SmallJoker
bba4563d89 Proselytize the network. Use IEEE F32 (#8030)
* Proselytize the network. Use IEEE F32
* Remove unused V2F1000 functions
2019-01-03 17:04:26 +01:00
Paramat
ceacff13a6 CSM restrictions: Make 'LOAD_CLIENT_MODS' disable loading of 'builtin' (#8000)
Previously, when the CSM restriction 'LOAD_CLIENT_MODS' was used a
client was still able to add CSM code to 'builtin' to bypass that
restriction, because 'builtin' is not yet verified.

Until server-sent CSM and verifying of 'builtin' are complete, make
'LOAD_CLIENT_MODS' disable the loading of builtin.

Clarify code comments and messages to distinguish between client-side
modding and client-side scripting. 'Scripting' includes 'builtin',
'modding' does not.
2019-01-03 12:10:07 +01:00
Moose
c26eab6319 autojump setting: Remove repeated doc line (#8041) 2019-01-02 23:32:19 +01:00
HybridDog
c6f784f43b Add minetest.load_area (#8023) 2018-12-31 00:32:54 +00:00
random-geek
aa5ec2ec02 Extend pitch fly mode to swimming (#7943) 2018-12-31 00:07:30 +00:00
rubenwardy
7d7ccf5c0f Fix installed modpacks not being found correctly 2018-12-30 12:26:44 +00:00
stujones11
badecfa471 Update README.android with current build info (#8026) 2018-12-28 23:31:09 +01:00
rubenwardy
f12d374956 Content store: Fix bugs relating to packages list size 2018-12-26 12:47:32 +00:00
Loïc Blot
a5197eaebc
CSM: add requested CSM_RF_READ_PLAYERINFO (#8007)
* CSM: add requested CSM_RF_READ_PLAYERINFO

This new CSM limit permit to limit PLAYERINFO read from server.

It affects get_player_names call
2018-12-24 10:51:10 +01:00
Paramat
9080d7c990
Remove 'Reset singleplayer world' button from full menu on Android (#8017)
Make button appearence dependent on menustyle not platform.
Button only functions with simple menu.
2018-12-23 23:49:08 +00:00
SmallJoker
67049eba3c Fix entity rotation in existing worlds (#7989) 2018-12-23 23:22:27 +00:00
stujones11
b8b33a6423 Android: Fix start-up crashes on version 4.x (#8003)
* Android: Load shared STL library

* Android: Fix exception with window background image
2018-12-22 19:02:00 +01:00
Vitaliy
309e158fc8 mapnode: add const/noexcept (#8009) 2018-12-22 17:36:24 +01:00
rubenwardy
0990ddb3bb Android: Fix memory leak when displaying images in the mainmenu (#8011) 2018-12-22 08:46:41 +01:00
ClobberXD
a318bceb63 Lua_api.txt: Add documentation of missing field to 'on_punch' (#8008) 2018-12-22 00:32:27 +00:00
SmallJoker
2a69f874da reportMetadataChange; Silence clang warnings 2018-12-21 19:05:29 +01:00
stujones11
d994f7ca5f Fix more transparency issues with ogles2 driver (#8005) 2018-12-20 23:40:17 +01:00
stujones11
ba07a8b872 Android: Move touchscreen rare controls inline with settings icon (#8006) 2018-12-20 21:11:57 +00:00
Kevin Abrams
b7eb81fed9 Add command line option to load password from file (#7832) 2018-12-18 20:15:14 +01:00