PHP can't handle having arrays/objects or functions as keys in its
arrays, so make sure we don't try to pass them from Lua. Booleans aren't
really well-handled either, so let's disallow them too.
Also, add tests for proper stringification of floats and infinities when
those are used as keys.
Note this behavior change is needed to match the change in LuaSandbox
for fixing bug 54527, but isn't itself a security issue.
Change-Id: I1e2951bbe8cb78358650ad377bf7119fcac4485d
The existing unit tests work, but the setup is really not amenable to
the addition of additional tests in a modular fashion. This splits
things out so there is a framework for tests in Lua, and all a module
has to do on the Lua side is supply a list of functions to call and
results to expect. And then on the php side, only one array entry and
two short functions need to be added to LuaSandboxEngineTest to run the
tests.
Change-Id: Ib241b246aa0c7223c33887b38a5858582d7d31b0
* Implemented the new parser interface based on a frame object, as
described in the design document and wikitech-l.
* Added parser tests for the new interface.
* Removed {{script:}} parser function
* Allow named parameters to {{#invoke:}}
* Don't trim the return value
* If a function invoked by #invoke returns multiple values, concatenate
them into a single string.
* If there is an error during parse, show the error message as an HTML
comment as well as via JavaScript. This makes parser test construction
easier, and probably makes debugging easier also.
* Rename mw_internal to mw_php to clarify its role. It is now strictly a
private Lua -> PHP interface function table.
* Protect mw.setup() against multiple invocation.
* Fixed a bug in Scribunto_LuaStandaloneInterpreter::receiveMessage():
large packets caused fread() to return with less than the requested
amount of data, which previously caused an exception. It's necessary
to check for EOF and to repeat the read to get all data. The receive
function on the Lua side does not suffer from this problem.
* In the standalone engine, fixed a bug in the interpretation of null
return values from PHP callbacks. This should return no values to Lua.
* Updated the Lua unit tests to account for the fact that functions are
now forced to return strings.
* Updated the getfenv and setfenv tests to account for the extra stack
level introduced by mw.executeFunction().
Change-Id: If8fdecdfc91ebe7bd4b1dae8489ccbdeb6bbf5ce
Fixed the issue noticed during testing of da06273e, and which resulted
in satest.setfenv1() being disabled. It's not possible to protect
environments by iterating through every stack level, calling getfenv()
at each one, because if any of the stack levels is a tail call, an error
is raised.
Such a tail call was introduced in da06273e, which is why the test broke.
Instead, just protect the actual specified environments, not their
callers. The callers will have to protect themselves.
Change-Id: If39104010ff2663c1bae5105cc8d37e276532100
* Added error backtrace collection to MWServer:handleCall()
* When there is an error on parse, show a short and simple inline error
message to the user, which when clicked, expands to a full error with
HTML-formatted backtrace.
* When an error is encountered during module validation, have the code
editor jump directly to the line. Requires r115011.
* Expose the code location of most errors to Scribunto, by parsing the
standard error message format.
* During module validation, abbreviate the error location if the error
is in the same module.
* Do not execute the module during validation, just parse it. Execution
does not really work without an active parse operation in progress.
It already caused a fatal error if you called require() from the main
chunk, and problems would have become more visible as more
parser-related APIs were added.
* LuaSandbox does not yet provide backtraces, but this is planned.
Change-Id: Id9f6564a41b310792b3fe3ebb527cbf8f8771bd1
* Added tests for the engine classes.
* Added some tests that run under Lua.
* In the chunk names, fixed truncation of module names at 60 bytes
by using an "=" prefix instead of @.
* Fixed a bug in mw.clone() which was causing the metatable to be set on
the source table instead of the destination.
* Put restricted setfenv/getfenv in the cloned environment rather than
the base environment, they work better that way.
* In setfenv(), check for getfenv() == nil, since that's what our own
restricted getfenv returns.
* Fixed getfenv() handling of numeric arguments: add one where
appropriate.
Change-Id: I2b356fd65a3fcb348c4e99a3a4267408fb995739