From 43ebe3abdcb86e0edebb2d581e07064df7fdf467 Mon Sep 17 00:00:00 2001 From: Matthias Hecker Date: Sat, 13 Jun 2015 20:03:40 +0200 Subject: script: make $SAFE configureable --- data/rbot/plugins/script.rb | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/data/rbot/plugins/script.rb b/data/rbot/plugins/script.rb index 0923dd5d..ccdf037d 100644 --- a/data/rbot/plugins/script.rb +++ b/data/rbot/plugins/script.rb @@ -17,6 +17,10 @@ define_structure :Command, :code, :nick, :created, :channel class ScriptPlugin < Plugin + Config.register Config::IntegerValue.new('script.safe', + :default => 3, + :desc => 'configure $SAFE level for scripts (3=safe/tainted, 0=unsafe/ruby default)') + def initialize super if @registry.has_key?(:commands) @@ -68,8 +72,7 @@ class ScriptPlugin < Plugin user = args.empty? ? m.sourcenick : args.first Thread.start { - # TODO allow different safe levels for different botusers - $SAFE = 3 + $SAFE = @bot.config['script.safe'] begin eval( code ) @@ -105,7 +108,8 @@ class ScriptPlugin < Plugin def handle_eval( m, params ) code = params[:code].to_s.dup.untaint Thread.start { - # TODO allow different safe levels for different botusers + $SAFE = @bot.config['script.safe'] + begin eval( code ) rescue Exception => e @@ -119,7 +123,8 @@ class ScriptPlugin < Plugin def handle_echo( m, params ) code = params[:code].to_s.dup.untaint Thread.start { - # TODO allow different safe levels for different botusers + $SAFE = @bot.config['script.safe'] + begin m.reply eval( code ).to_s rescue Exception => e -- cgit v1.2.3