Browse Source

Make Python.Cheat command more usable by not parsing its argument

The argument is now always treated as a plain string and passed directly
to the cheat. This is the behavior expected by all the functions in
xCheat.py, which parse the string argument manually where needed.

The previous implementation evaluated the argument value as a Python
expression. This theoretically allowed passing non-string arguments, but
none of the cheats use this (and it's also a potential code execution
issue). If no argument was passed, the function was called with no
arguments, which is also not supported by any of the cheats.

In practice, this required unintuitive syntax for calling the cheats
correctly, for example:

    Python.Cheat GetPlayerID None
    Python.Cheat GetSDL "'FirstWeekClothing'"

With the new argument handling, these have been simplified to:

    Python.Cheat GetPlayerID
    Python.Cheat GetSDL FirstWeekClothing
tickets/54/54/1
dgelessus 1 year ago
parent
commit
96facaa7bb
  1. 11
      Sources/Plasma/FeatureLib/pfConsole/pfConsoleCommands.cpp
  2. 42
      Sources/Plasma/FeatureLib/pfPython/cyPythonInterface.cpp
  3. 4
      Sources/Plasma/FeatureLib/pfPython/cyPythonInterface.h

11
Sources/Plasma/FeatureLib/pfConsole/pfConsoleCommands.cpp

@ -7061,17 +7061,12 @@ PF_CONSOLE_CMD( Python,
"string functions, ...", // Params "string functions, ...", // Params
"Run a cheat command" ) "Run a cheat command" )
{ {
std::string extraParms; const char* extraParms = "";
if (numParams > 1) if (numParams > 1)
{ {
extraParms = "("; extraParms = params[1];
extraParms.append(params[1]);
extraParms.append(",)");
} }
else PythonInterface::RunFunctionStringArg("xCheat", params[0], extraParms);
extraParms = "()";
PythonInterface::RunFunctionSafe("xCheat", params[0], extraParms.c_str());
std::string output; std::string output;
// get the messages // get the messages

42
Sources/Plasma/FeatureLib/pfPython/cyPythonInterface.cpp

@ -2102,38 +2102,32 @@ PyObject* PythonInterface::RunFunction(PyObject* module, const char* name, PyObj
return result; return result;
} }
PyObject* PythonInterface::ParseArgs(const char* args) bool PythonInterface::RunFunctionStringArg(const char* module, const char* name, const char* arg)
{
PyObject* result = NULL;
PyObject* scope = PyDict_New();
if (scope)
{
//- Py_eval_input makes this function accept only single expresion (not statement)
//- When using empty scope, functions and classes like 'file' or '__import__' are not visible
result = PyRun_String(args, Py_eval_input, scope, NULL);
Py_DECREF(scope);
}
return result;
}
bool PythonInterface::RunFunctionSafe(const char* module, const char* function, const char* args)
{ {
PyObject* moduleObj = ImportModule(module); PyObject* moduleObj = ImportModule(module);
bool result = false; bool result = false;
if (moduleObj) if (moduleObj)
{ {
PyObject* argsObj = ParseArgs(args); PyObject* argObj = PyString_FromString(arg);
if (argsObj) if (argObj)
{ {
PyObject* callResult = RunFunction(moduleObj, function, argsObj); PyObject* argsObj = PyTuple_New(1);
if (callResult) if (argsObj)
{ {
result = true; // PyTuple_SET_ITEM steals the reference to argObj.
Py_DECREF(callResult); PyTuple_SET_ITEM(argsObj, 0, argObj);
PyObject* callResult = RunFunction(moduleObj, name, argsObj);
if (callResult)
{
result = true;
Py_DECREF(callResult);
}
Py_DECREF(argsObj);
}
else
{
Py_DECREF(argObj);
} }
Py_DECREF(argsObj);
} }
Py_DECREF(moduleObj); Py_DECREF(moduleObj);
} }

4
Sources/Plasma/FeatureLib/pfPython/cyPythonInterface.h

@ -223,9 +223,7 @@ public:
static PyObject* RunFunction(PyObject* module, const char* name, PyObject* args); static PyObject* RunFunction(PyObject* module, const char* name, PyObject* args);
static PyObject* ParseArgs(const char* args); static bool RunFunctionStringArg(const char* module, const char* name, const char* arg);
static bool RunFunctionSafe(const char* module, const char* function, const char* args);
///////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////
// //

Loading…
Cancel
Save