From de03db99e7110b65190d6d3fe540dfed623b33f2 Mon Sep 17 00:00:00 2001
From: wolfy852 <wolfy852@hotmail.com>
Date: Wed, 20 Jan 2016 21:31:00 -0600
Subject: [PATCH] Block possible methods of accessing folders outside of SRB2

---
 src/blua/liolib.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/blua/liolib.c b/src/blua/liolib.c
index 6dd877046..100dbb6c1 100644
--- a/src/blua/liolib.c
+++ b/src/blua/liolib.c
@@ -153,6 +153,12 @@ static int io_tostring (lua_State *L) {
   return 1;
 }
 
+static int StartsWith(const char *a, const char *b) // this is wolfs being lazy yet again
+{
+   if(strncmp(a, b, strlen(b)) == 0) return 1;
+   return 0;
+}
+
 
 static int io_open (lua_State *L) {
 	const char *filename = luaL_checkstring(L, 1);
@@ -166,7 +172,8 @@ static int io_open (lua_State *L) {
 			break;
 		}
 	}
-	if (strstr(filename, "../") || strstr(filename, "..\\") || !pass)
+	if (strstr(filename, "..") || strchr(filename, ':') || StartsWith(filename, "\\")
+		|| StartsWith(filename, "/") || !pass)
 	{
 		luaL_error(L,"access denied to %s", filename);
 		return pushresult(L,0,filename);
-- 
GitLab