Skip to content

Commit

Permalink
refactor(server/zoneCreator): output format and path, security fix
Browse files Browse the repository at this point in the history 
Don't allow players to trigger ox_lib:saveZone without ace permissions.
Write created_zones to root.
Use explicit vectors and set name as a string.
  • Loading branch information
@thelindat
thelindat committed Sep 14, 2022
1 parent c95fd8e commit 3084265
Showing 1 changed file with 19 additions and 23 deletions.
42 changes: 19 additions & 23 deletions resource/zoneCreator/server.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,14 +31,14 @@ local parse = {
poly = function(data)
local points = {}
for i = 1, #data.points do
points[#points + 1] = ('\t\tvec(%s, %s, %s),\n'):format((data.points[i].x), (data.points[i].y), data.zCoord)
points[#points + 1] = ('\t\tvec3(%s, %s, %s),\n'):format((data.points[i].x), (data.points[i].y), data.zCoord)
end

local pattern
if printFunction then
pattern = {
'local poly = lib.zones.poly({\n',
('\tname = %s,\n'):format(data.name or 'none'),
('\tname = "%s",\n'):format(data.name or 'none'),
'\tpoints = {\n',
('%s\t},\n'):format(table.concat(points)),
('\tthickness = %s,\n'):format(data.height),
Expand All @@ -47,7 +47,7 @@ local parse = {
else
pattern = {
'{\n',
('\tname = %s,\n'):format(data.name or 'none'),
('\tname = "%s",\n'):format(data.name or 'none'),
'\tpoints = {\n',
('%s\t},\n'):format(table.concat(points)),
('\tthickness = %s,\n'):format(data.height),
Expand All @@ -62,20 +62,20 @@ local parse = {
if printFunction then
pattern = {
'local box = lib.zones.box({\n',
('\tname = %s,\n'):format(data.name or 'none'),
('\tcoords = vec(%s, %s, %s),\n'):format(data.xCoord, data.yCoord, data.zCoord),
('\tsize = vec(%s, %s, %s),\n'):format(data.width, data.length, data.height),
('\tname = "%s",\n'):format(data.name or 'none'),
('\tcoords = vec3(%s, %s, %s),\n'):format(data.xCoord, data.yCoord, data.zCoord),
('\tsize = vec3(%s, %s, %s),\n'):format(data.width, data.length, data.height),
('\trotation = %s,\n'):format(data.heading),
'})\n',
}
else
pattern = {
'{\n',
('\tname = %s,\n'):format(data.name or 'none'),
('\tcoords = vec(%s, %s, %s),\n'):format(data.xCoord, data.yCoord, data.zCoord),
('\tsize = vec(%s, %s, %s),\n'):format(data.width, data.length, data.height),
('\tname = "%s",\n'):format(data.name or 'none'),
('\tcoords = vec3(%s, %s, %s),\n'):format(data.xCoord, data.yCoord, data.zCoord),
('\tsize = vec3(%s, %s, %s),\n'):format(data.width, data.length, data.height),
('\trotation = %s,\n'):format(data.heading),
'}\n',
'},\n',
}
end

Expand All @@ -86,31 +86,27 @@ local parse = {
if printFunction then
pattern = {
'local sphere = lib.zones.sphere({\n',
('\tname = %s,\n'):format(data.name or 'none'),
('\tcoords = vec(%s, %s, %s),\n'):format(data.xCoord, data.yCoord, data.zCoord),
('\tname = "%s",\n'):format(data.name or 'none'),
('\tcoords = vec3(%s, %s, %s),\n'):format(data.xCoord, data.yCoord, data.zCoord),
('\tradius = %s,\n'):format(data.heading),
'})\n',
}
else
pattern = {
'{\n',
('\tname = %s,\n'):format(data.name or 'none'),
('\tcoords = vec(%s, %s, %s),\n'):format(data.xCoord, data.yCoord, data.zCoord),
('\tname = "%s",\n'):format(data.name or 'none'),
('\tcoords = vec3(%s, %s, %s),\n'):format(data.xCoord, data.yCoord, data.zCoord),
('\tradius = %s,\n'):format(data.heading),
'}\n',
'},\n',
}
end

return table.concat(pattern)
end,
}

local path = GetResourcePath(GetCurrentResourceName()) .. '/resource/zone creator/created_zones.lua'
path = path:gsub('//', '/')
RegisterServerEvent('ox_lib:saveZone', function(data)
local file = io.open(path, 'a')
io.output(file)
local output = parse[data.zoneType](data)
io.write(output)
io.close(file)
RegisterNetEvent('ox_lib:saveZone', function(data)
if not source or not IsPlayerAceAllowed(source, 'command') then return end
local output = (LoadResourceFile(cache.resource, 'created_zones.lua') or '') .. parse[data.zoneType](data)
SaveResourceFile(cache.resource, 'created_zones.lua', output, -1)
end)

0 comments on commit 3084265

Please sign in to comment.