AspireMint reports: Comma in petz nametag displays ... #6038
Labels
No Label
1. kind/balancing
1. kind/breaking
1. kind/bug
1. kind/construction
1. kind/documentation
1. kind/enhancement
1. kind/griefing
1. kind/invalid
1. kind/meme
1. kind/node limit
1. kind/other
1. kind/protocol
2. prio/controversial
2. prio/critical
2. prio/elevated
2. prio/good first issue
2. prio/interesting
2. prio/low
3. source/art
3. source/client
3. source/engine
3. source/ingame
3. source/integration
3. source/lag
3. source/license
3. source/mod upstream
3. source/unknown
3. source/website
4. step/approved
4. step/at work
4. step/blocked
4. step/discussion
4. step/help wanted
4. step/needs confirmation
4. step/partially fixed
4. step/question
4. step/ready to deploy
4. step/ready to QA test
4. step/want approval
5. result/cannot reproduce
5. result/duplicate
5. result/fixed
5. result/maybe
5. result/wontfix
ugh/petz
ugh/QA main
ugh/QA NOK
ugh/QA OK
No Milestone
No project
No Assignees
5 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: your-land/bugtracker#6038
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
AspireMint reports a bug:
Player position:
Player look:
Player information:
Player meta:
Log identifier
Profiler save:
Status:
Teleport command:
Compass command:
That's bc. petz formspec-escapes tags before storing them...
(which is actually a good idea bc. it saves them a lot of work when creating all kinds of formspecs)
the solution is to mark specific variables as being user-supplied. late 90s perl had a great library for ensuring that (taint), we lua users aren't afforded such luxuries.
Is that actually a feature or is that a wish that may never come true?
it's almost impossible without some custom modifications to the lua interpreter, so basically a wish that will never come.
You could technically wrap all relative functions (like
minetest.show_formspec
) to take only special type of objects instead of strings - like aFormspec
object, and make it so thatFormspec
always escapes strings passed to it...UPD *relative -> relevant, had a brain fart
Isn't that what MT is supposed to do or at least minetest.formspec_escape is supposed to do?
that's the function to fix things sometimes, but it certainly can't fix everything. the goal of perl taint wasn't to make it impossible to make mistakes, but rather to force coders to consider how a value might be used minimally, and make it an error to show no consideration whatsover.
a lot of minetest mods were made as someone's first coding project, haven't been worked on in 5 years, and are still heavily used. i'd love it if some minimal standards were enforced, to improve the baseline code quality.
but this is all fanciful thinking, i don't think such a proposal would ever get accepted into the minetest engine, as it would break so many things.
i am not giving on on minetest at all, i'm just lamenting what it could be in an alternate universe.