Page MenuHomePhabricator
Create Task
Maniphest T106944

mw.makeProtectedEnvFuncs can be accessed from modules
Open, MediumPublic
Actions

Description

I've just found that mw.makeProtectedEnvFuncs can be accessed from modules with the code require( 'mwInit' ).makeProtectedEnvFuncs. This doesn't allow overriding the allowEnvFuncs setting,[1] but given that mw.makeProtectedEnvFuncs was hidden from modules with rELUA1efe182e it seems like unexpected behaviour.

[1] Example of trying to use getfenv:

setfenv, getfenv = require( 'mwInit' ).makeProtectedEnvFuncs( {}, {} )
getfenv( function () end ) --  Error: attempt to call upvalue 'old_getfenv' (a nil value)

Related Objects

Event Timeline

MrStradivarius created this task.Jul 25 2015, 1:36 PM
MrStradivarius raised the priority of this task from to Medium.
MrStradivarius updated the task description. (Show Details)
MrStradivarius added a project: Scribunto.
MrStradivarius subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 25 2015, 1:36 PM
Jackmcbarn subscribed.Jul 25 2015, 3:13 PM

mwInit isn't really intended to be loaded via require(). (Neither is most of the other stuff in lualib, now that I think about it.) Perhaps we should move libraryUtil, bit32, and luabit to a different directory and have that be the directory require() can see.

MrStradivarius added a comment.Jul 25 2015, 3:30 PM
In T106944#1482427, @Jackmcbarn wrote:

Perhaps we should move libraryUtil, bit32, and luabit to a different directory and have that be the directory require() can see.

That sounds like a good plan to me.

Anomie subscribed.Jul 27 2015, 2:50 PM

Most of the stuff there is "protected" because trying to include "mw.foo" will look for /path/to/mw/foo.lua rather than /path/to/mw.foo.lua. But moving the ones that are supposed to be loadable into a different directory would be even better, so let's do that.

Note that the "upstream" pure-Lua version of ustring is also allowed to be loaded, although in practice I don't know why anyone would want to outside of tests/engines/LuaCommon/UstringLibraryPureLuaTest.php.

Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:02 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL