diff options
| author | Jesse Plamondon-Willard <github@jplamondonw.com> | 2017-10-12 22:20:19 -0400 |
|---|---|---|
| committer | Jesse Plamondon-Willard <github@jplamondonw.com> | 2017-10-12 22:20:19 -0400 |
| commit | 1e19a170be1d540e815f89c1ae60c2b53f6123bf (patch) | |
| tree | 8a2a0bac8b71b104daf0dc7ae913311b0724f73f /src | |
| parent | 61a8b7bf2dcf9b8167fe0119a574d34ef97f1351 (diff) | |
| download | SMAPI-1e19a170be1d540e815f89c1ae60c2b53f6123bf.tar.gz SMAPI-1e19a170be1d540e815f89c1ae60c2b53f6123bf.tar.bz2 SMAPI-1e19a170be1d540e815f89c1ae60c2b53f6123bf.zip | |
refuse to load custom map tilesheets with absolute or directory-climbing paths (#368)
Diffstat (limited to 'src')
| -rw-r--r-- | src/SMAPI/Framework/ModHelpers/ContentHelper.cs | 4 | ||||
| -rw-r--r-- | src/SMAPI/Framework/SContentManager.cs | 8 |
2 files changed, 8 insertions, 4 deletions
diff --git a/src/SMAPI/Framework/ModHelpers/ContentHelper.cs b/src/SMAPI/Framework/ModHelpers/ContentHelper.cs index 4440ae40..4f5bd2f0 100644 --- a/src/SMAPI/Framework/ModHelpers/ContentHelper.cs +++ b/src/SMAPI/Framework/ModHelpers/ContentHelper.cs @@ -239,6 +239,10 @@ namespace StardewModdingAPI.Framework.ModHelpers { string imageSource = tilesheet.ImageSource; + // validate + if (Path.IsPathRooted(imageSource) || imageSource.Split(SContentManager.PossiblePathSeparators).Contains("..")) + throw new ContentLoadException($"The '{imageSource}' tilesheet couldn't be loaded. Tilesheet paths must be a relative path without directory climbing (../)."); + // get seasonal name (if applicable) string seasonalImageSource = null; if (Game1.currentSeason != null) diff --git a/src/SMAPI/Framework/SContentManager.cs b/src/SMAPI/Framework/SContentManager.cs index f3a1dd9a..db202567 100644 --- a/src/SMAPI/Framework/SContentManager.cs +++ b/src/SMAPI/Framework/SContentManager.cs @@ -21,9 +21,6 @@ namespace StardewModdingAPI.Framework /********* ** Properties *********/ - /// <summary>The possible directory separator characters in an asset key.</summary> - private static readonly char[] PossiblePathSeparators = new[] { '/', '\\', Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar }.Distinct().ToArray(); - /// <summary>The preferred directory separator chaeacter in an asset key.</summary> private static readonly string PreferredPathSeparator = Path.DirectorySeparatorChar.ToString(); @@ -64,8 +61,11 @@ namespace StardewModdingAPI.Framework /// <summary>Interceptors which edit matching assets after they're loaded.</summary> internal IDictionary<IModMetadata, IList<IAssetEditor>> Editors { get; } = new Dictionary<IModMetadata, IList<IAssetEditor>>(); + /// <summary>The possible directory separator characters in an asset key.</summary> + internal static readonly char[] PossiblePathSeparators = new[] { '/', '\\', Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar }.Distinct().ToArray(); + /// <summary>The absolute path to the <see cref="ContentManager.RootDirectory"/>.</summary> - public string FullRootDirectory => Path.Combine(Constants.ExecutionPath, this.RootDirectory); + internal string FullRootDirectory => Path.Combine(Constants.ExecutionPath, this.RootDirectory); /********* |