ConfigFile Doc: Adding guidance against remote code execution
parent
c2967837dd
commit
aaf5443832
1 changed files with 11 additions and 0 deletions
|
@ -164,6 +164,17 @@
|
|||
<description>
|
||||
Loads the config file specified as a parameter. The file's contents are parsed and loaded in the [ConfigFile] object which the method was called on.
|
||||
Returns [constant OK] on success, or one of the other [enum Error] values if the operation failed.
|
||||
[b]Warning:[/b] Loading Data from a Config File may allow for remote code execution. This is non-trivial to midigate, but storing a [readme] file in the same directory can warn users against downloading untrusted configurations:
|
||||
[codeblocks]
|
||||
[gdscript]
|
||||
var config_path = "user://"
|
||||
var config_file_name = "my_game.config"
|
||||
# check if configuration has been initialized:
|
||||
if not FileAccess.file_exists("%s%s" % [config_path, config_file_name]):
|
||||
var readme := FileAccess.open("%s%s" % [config_path, "README.txt"], FileAccess.WRITE)
|
||||
readme.store_string("Caution: It is not advised to use Config-files you find online, as malicious files may compromise your device. ")
|
||||
[/gdscript]
|
||||
[/codeblocks]
|
||||
</description>
|
||||
</method>
|
||||
<method name="load_encrypted">
|
||||
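Review bot: The README written by the added sample does not prevent an untrusted file from being loaded, so the warning should lead with the guidance that actually reduces risk, namely to call `load()` only on files the project wrote itself or otherwise trusts, and present the README as optional user education. The text also never says why loading is dangerous; if the cause is that values are parsed as Variants which can include objects (not visible in this hunk, please confirm), one sentence stating that would let readers judge their own exposure. In the sample, `FileAccess.open()` can return null on failure, so the write should be guarded, e.g. `if readme: readme.store_string(...)`. `[readme]` does not look like a class-reference BBCode tag and "midigate" should read "mitigate"; `[code]README[/code]` would likely render as intended.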
|
|